Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Threat Intelligence: What to Share?

Global Banking And Finance 1 News

 

Conrad Constantine, Research Team Engineer, AlienVault
 
Year after year, I hear the same refrain in information security: “We need to share more data about security threats.” 
 
IT is a fast-moving field—ideas arise, reach prototype, and go to market quicker than it takes for the average clinical trial to be cleared; yet this one concept within information security – that defense requires greater visibility than can be obtained from any single network and to have a fighting chance we should reciprocally distribute data on the attacks and attackers we identify, remains an unresolved debate.
Those in favor of sharing information show that although they’ve had some limited success, the process has been difficult to build out and integrate, and the results are mixed due to insufficient data. More data sharing seems like an excellent idea, but they can only conjecture what the curve on the return on investment is for it at higher levels.
 
Those against sharing, demonstrate a few early experiments where they have publicly collaborated on data sharing, been burned by the public data being used as counter-intelligence, and promptly returned to either not sharing at all, or sharing within a very limited group.
 
There is some sharing of security data happening out there right now, in varying degrees of scope and success.
Public and semi-public clearinghouses such as MalwareDomainList.com, provide an excellent free source of single-scope threat intelligence. But the data is limited and organizations must construct their own processes and technology to consume it effectively.
 
Private data sharing arrangements exist between some large organizations, and some Government bodies mandate the need to share information, but we live in an age where the tide is turning against publicly-available information. Information is valuable beyond measure and things of value are instinctively hoarded away in private. 
 
After a decade of discussion and attempts to reach critical mass in the move to a sufficiently effective level of data sharing, we still find ourselves at this impasse. 
 
So how do we move forward? So far, the only answer I’ve arrived at for this is that stressing the importance of ‘enlightened self interest’ may be the only winnable argument in this debate – the idea that if I help others, it furthers my own goals seems to be a perfectly reasonable compromise.
 
Data sharing doesn’t mean giving things away
Any good data sharing solution is going to result in you receiving more than you give. A data sharing solution that allows one participant to gain a fundamental business advantage over other parties is likely broken. 
 
Data Sharing is not an all-or-nothing arrangement
Within the security realm there are a great number of layers of data within the field. Being selective about what is shared and to what level of detail is perfectly reasonable.
 
All intelligence is counter-intelligence
Open information sharing networks will be infiltrated by attackers, without a doubt. So long as the system does not enable the attacker to infer detailed information about what a particular target knows, to stay a step ahead of them.
 
Intelligence data that cannot be acted upon, is worthless
The more open an intelligence source, the more generic the format it must be communicated in. Public sources of threat intelligence are published in the lowest-common denominator format – text files of IP address, CSV files, etc. For many security organizations using these feeds, they process the information manually via analysts performing searches across logs.
 
The path forward
It is essential to the success of data sharing that the content is detailed and consumable – or it won’t work. Getting organizations to overcome the reluctance to share detailed information outside their borders will require more detailed, incremental programs of information sharing; ones that start out with simple statistical sharing (like the Verizon VERIS framework) and then ramp up through programs of threat agent information. 
 
Adoption of tokenization and anonymization techniques and standards that can be implemented without significant effort will be an important factor in allowing organization to collaborate without undue legal or operational liability. Some level of assurance that the information shared will not (nay, cannot) be used against the contributing organization directly, is a requirement only the most reckless would ignore.
 
We’ve spent well over a decade now debating the need for more shared security data as the sanest way to raise the cost of entry and lower the return on investment for criminals and spies alike. “Fail Early, Fast Fast, Fail Often” is a popular idea in the Agile Of All Things nowadays; let’s see that applied to more attempts at making the promises of a shared pool of security data arrive while we’re all still in business to see it.
 
 

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post