Cybersecurity firms step up intel sharing despite issues of trust

The collaboration has been protecting companies from the latest cyber attacks

The war against cybercriminals won’t be won alone. To keep hackers at bay, security vendors are establishing more ways for their customers to cooperate and share data about the latest threats -- even as it sparks concerns about trust and competition.

“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black.

The company is the latest to help pool together security expertise with a new platform called the Detection eXchange.

Carbon Black protects the networks of thousands of companies, and it's now opening a line of communication between them. More than a virus signature or an IP address, the exchange aims to foster the sharing of "patterns of attack," which identify behaviors and tactics employed by malicious hackers.

That can be valuable knowledge, Carbon Black says, because those patterns are harder for hackers to quickly change than something like an IP address.

Although CISA has raised concerns about privacy, because the government will be the clearing house for data that gets shared, security vendors say collaborating on intelligence can help their clients prevent the next cyberattacks.

Palo Alto Networks is another vendor trying to build a culture of cooperation. The industry has been focused on protecting data, but it needs to share it too, said the company’s chief security officer, Rick Howard.

In 2014, Palo Alto Networks joined with rivals including Fortinet, Intel Security and Symantec to form the Cyber Threat Alliance. The vendors are each sharing around 1,000 malware samples each day and using that data to bolster their security products.

The alliance is still small, with only about eight members, but Howard believes it will be a “game changer” if the group can expand to 50.

Eventually, the alliance aims to have have enough intelligence to keep pace with the latest strategies hackers are using, which will let them move faster in protecting clients.

The collaboration clearly has it benefits, but an alliance in which competing vendors share information that's central to their businesses isn't easy to pull off. 

“When I first started, I gave it a year," Howard said. "I thought, 'There's no way this is going to hold together.'"

But customers like it and regularly encourage the company to expand the cooperation. He's optimistic that it could last. “We had to learn to trust each other, because we don’t like each other,” he jokes.

The intelligence sharing fills gaps in what each security vendor knows. For instance, Palo Alto Networks and Symantec overlap in only about 70 percent of the malware intelligence they share, according to Howard.

The reluctance to share may also be a challenge for Carbon Black. Companies prefer to keep data private and fear revealing too much, Johnson said, which is why contributors can chose to share on its platform anonymously. But he maintains it's useful at a time when IT security talent is scarce.

“Small companies can understand what big companies are seeing and vice-versa,” Johnson said.  “It’s a tremendous benefit.”

Jane Wright, an analyst at Technology Business Research, said Carbon Black’s exchange can act as a “water cooler” where security professionals talk about best practices and incident response. Even so, "sometimes the most valuable sharing just isn’t happening,” she said.

A major fear is that information shared about vulnerabilities or a company's infrastructure may be leaked accidentally to other hackers. But the pros can outweigh the cons. Companies Wright has talked to see the benefits of wider collaboration and even expect it from their vendor. They realize they’re walking a fine line between the risk of sharing too much and potentially stopping the next cyber attack.

Join the CSO newsletter!

Error: Please check your email address.

More about Carbon BlackFortinetIntelIntel SecurityPalo Alto NetworksSymantecTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place