Regional security approach pays threat-intelligence dividends but sharing must be managed

Rapid expansion of Australian banking infrastructure will enable financial-services organisations to push harder into Asia-Pacific geographies while leveraging Australia-hosted security services and threat-intelligence infrastructures, according to Akamai's newly-appointed regional security chief.

While business expansion into many historically fraud-prone regional countries had been difficult in the past, the company's APJ chief technology officer Michael Smith told CSO Australia, increasing network flexibility was allowing that expansion to happen without the need to build extensive services locally.

This increased the overall security of financial-services offerings built on secure delivery of services from Australia, which are being designed to adapt to the widely varying capabilities of regional telecommunications links.

“Some of our customers, that have a regional Web site or regional user populations, don't necessarily need as much speed, so we position a lot more security products up front,” Smith explained.

“At the same time, we can help customers branch out into these new territories, keeping the infrastructure piece in Australia but still delivering performance that's acceptable to users inside of regional countries.”

Akamai has been supporting these capabilities with heightened information-security capabilities in a push that saw Smith recently put into his current role: “this is a huge growth area for us as a company, and as time goes along we'll get more and more involved” in the security-services market.

That's a significant change for a company that built its business around the fast and efficient global distribution of Web content. But as customers come to expect more flexible and responsive security capabilities, Smith said, Akamai is increasingly leveraging its far-reaching visibility into Internet traffic to help drive the rapid sharing of threat information.

This information, typically relating to tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs), has become increasingly important in helping Akamai work with other services and infrastructure providers to mount an effective regional threat response – crucial as financial-services players become more exposed in regions where fraud is known to be high.

Use of the four-stage traffic light protocol (TLP) designation had helped standardise the exchange of such information, which is useful to security-cautious organisations but can become a problem if it makes its way back to the cyber-criminals to which it pertains.

“A lot of people talk about information sharing, but it's actually hard to do sometimes,” Smith said, noting that despite increasing participation in spirit from governmental law-enforcement organisations, many security threats were still taking too long to make their way through the security community.

“When I see something affect one customer, I see if it affects others too – and if it does, it's a question of how I can share information without exposing it in such a way that your sources don't dry up.”

“You can't disclose to the bad guys how much you know about them and how you're planning to stop them.”

The importance of managing such alerts became clear when Akamai observed a series of attacks on e-commerce, infrastructure and financial-services organisations in North America. Akamai's security team was able to collect detailed information on the method of exploit, which became useful again when the same team of hackers began hitting Australian targets 8 months later.

“We run into this interesting scenario where we have a bunch of information on the attacker, but need to disseminate it to existing customers and prospects to help them defend themselves,” Smith said. “TLP offers a quick and dirty way to get information to somebody with a little guidance on what they can do to share that information.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue
