Cybercriminals collaborate better than you – and it’s hurting your defences: IBM

Lack of effective collaborative mechanisms continues to keep CSOs struggling to keep up with nimbler and better-networked cybercriminals, a senior IBM security executive has warned as the company this week debuted a collaborative framework designed to empower companies to work together on cybersecurity.

Collaboration was a challenge that cybercriminals had long ago solved through the creation of communities of interest, often in hidden corners of the Darknet. Yet better-exposed corporations were still far less mature in their collaboration and sharing around security, IBM Security Services ANZ business unit executive John Vine Hall told CSO Australia.

“We know cybercriminals have their own methods of communicating and sharing ideas, content and capabilities,” he explained. “At the moment [businesses] don't collaborate and don't share information – and that's the fundamental advantage that the bad guys have. They're using every tool at their disposal to make sure they're doing bad things, and we're trying to put business on the same footing.”

The IBM announcement saw its QRadar security-analytics platform opened to third parties, with a range of app-development capabilities and a Security App Exchange that allows customers to both build and share new applications leveraging the company's extensive threat-analytics information.

Expanding the integration frameworks for QRadar allows third-party security providers to better integrate with the environment, while wrapping these extensions into an accessible environment. Paired with an intuitive rules and app-development environment that Vine Hall said means there are “no skills required to go through the process of consuming information”, the platform is intended to provide a centre of gravity for collaboration around cybersecurity.

This approach will address what he says is the biggest issue within security environments, which “is usually not a lack of data”. Collaboration would provide a forest-for-the-trees view that is often lacking in siloed IT-security environments.

“The issue is making sure you have context around what's going on,” he explained. “The reality is that most Australian businesses could invest 100-fold on what they are doing today, but given their limited view into what's going on in the cybersecurity world, they could never respond to it. It's way too dynamic for any one organisation to keep up with.”

Trading insights and new applications would “essentially give those customers, and anybody that wants to consume that information, a global capability that they couldn't otherwise get.”

The role of sharing and collaboration remains a tricky one within businesses, where IT security has traditionally been an internal affair and even mooted breach-notification legislation remains a contentious issue. Yet better threat intelligence is rapidly emerging as a great leveller, with even security body SANS Institute recently coming out to highlight the importance of better network threat detection in overall cybersecurity defences.


A new white paper on the role of data analytics within the context of threat detection highlighted the importance of better threat detection in meeting the goals embodied within the Critical Security Controls (CSCs) set down by the SANS Institute and Center for Internet Security (CIS).

“The Critical Security Controls enable organizations to ensure they implement essential hygiene to manage risks,” Center for Internet Security CSO Jane Lute said in a statement, noting that an automated threat-analytics tool “has the ability to sit within the network and look for anomalous behavior – not just dependent on what it’s seen before but looking at how the network is operating, recognize it in real time, and allow mitigation to proceed in real time.”

When these capabilities are combined with the type of collaboration IBM is espousing, Vine Hall believes, the combination will empower companies to improve their cybersecurity response in new and far more effective ways than they've been able to do in the past. This is particularly salient given the federal government's investment this week in a range of cybersecurity-related innovation areas, including a $30m commitment to fund the establishment of a Cyber Security Growth Centre.

This culture of innovation will thrive in the context of tools facilitating better collaboration and innovation, according to Vine Hall.

“The intent is to both encourage development of Australian content and to make sure that we're collaborating,” he said, “but also that collaboration between security researchers and businesses is recognised by government as a key to our success in terms of combating cybercrime. That's the next frontier in terms of how we're going to be successful in combating cybercrime.”



Stories by David Braue
