Threat Intelligence: Collaborating to Defend

In a previous post, I discussed a series of trends driving investment interest in cybersecurity.  A few of these trends – crowdsourcing and consumerization – coupled with ever-increasing risk and complexity in the cyber world have coalesced to form one of the fastest growing areas in security – threat intelligence.

Threat intelligence is a term used to describe services and products designed to convert research on threats (malware, hackers, cyber-attacks, campaigns, etc.) into real-time defenses. With the rise of sophisticated attacks such as the ones launched against Sony this past year, threat intelligence has become a required element in any company’s security arsenal.

This is especially true for companies that host or maintain sensitive financial and personal user data because hackers crave such information.  In the modern IT landscape, infrastructure costs have decreased dramatically due to the ubiquity of open source software like Linux and Hadoop, and popularity of public cloud solutions such as Amazon AWS and Azure.  With the reduction in costs to store and maintain large data stores, hackers are just as likely to find sensitive data sitting within a small company as they are to spot this data within a large financial institution.  Hence, motivated adversaries don’t discriminate in who they target – companies of any size in any geography are at risk.

Compounding the challenges for small and mid-sized players, sophisticated hackers rarely employ simple, easily detectible methods to compromise systems.  Rather, they use a host of techniques such as encryption and obfuscation to cover their tracks, making it difficult for traditional security systems to discover that an attack is underway.

Facing these increasingly sophisticated and costly attacks requires threat intelligence.  For SMBs and mid-sized companies, converting research into real-time threat defenses can mean the difference between a full-scale data breach and a thwarted attempt.  Hence, demand among SMBs for data intelligence is on the rise.

Unfortunately traditional threat intelligence isn’t cheap. You need to hire security researchers to analyze hidden attacks and discern ways to counter their obfuscation, detecting them in the wild. You need to hire expert software engineers to convert this research into signatures and definitions that Security Information & Event Management systems (SIEMs) and Intrusion Detection and Intrusion Prevention Systems (IDS and IPS, respectively) can consume.  And, you need to do all of this quickly and repeatedly; hackers do not respect the notion of traditional business hours.  These factors make building threat intelligence very expensive, so it’s difficult for companies outside the Fortune 500 to invest in the defenses they need to protect themselves.

But what SMBs and small enterprises lack in security budget, they make up for in numbers. A “neighborhood watch” approach to threat intelligence has been gaining prominence in security, with smaller companies banding together to share threat data and collaboratively develop threat intelligence. In so doing, companies diffuse the cost of threat intelligence and lower each other’s risk in dealing with sophisticated adversaries.

Technology like AlienVault’s Open Threat Exchange (OTX) platform is at the forefront of this movement.  OTX 2.0 has just entered closed beta and is designed to allow security users of all sizes and expertise levels to collaboratively develop and build threat intelligence with their peers.

Collaborative threat intelligence is not just a tool for SMBs. Sharing data and working together to confront online threats is just as valuable for the enterprise as it is for startups, but I’m particularly excited about the power OTX 2.0 puts in the hands of SMBs and mid-sized companies.  Sophisticated hackers are networked and specialized; now SMBs who utilize OTX 2.0 can counter adversaries with a strong network of their own.

If you’re interested to join the OTX 2.0 beta program, you can sign up here.

Leave a Reply

Your email address will not be published. Required fields are marked *