Security intelligence and sharing lead to hacker disappointment

When we look at how cybercrime is being addressed globally, Bill Taylor, LogRhythm’s vice president for Asia Pacific and Japan says it’s a matter of following the money.

“When you look at international organised crime, it’s worth about $1.7 trillion a year. It’s made up six or seven key components. Those are things like counterfeiting, arms trade, drugs, people trafficking and smuggling, the sex trade,” he says.

While counterfeiting, including the production of fake goods such as fashion, is worth about $520B, cybercrime is the second most prolific category at around $475B, and it’s growing faster than any other category.

Most of the large crime categories are handled by dedicated bodies such as intelligence agencies and police forces.

“Whose decision was it to leave the second biggest transnational organised crime criteria to the IT department? That’s what we did. We said the IT department will fix it - it’s a half a trillion dollar problem but get some software and that will stop it all,” says Taylor.

Taylor says we’ve disregarded the cyber threat from a government perspective, a commercial perspective and a vendor perspective.

“Now we’re playing catch up,” he says.

Over the last decade, we’ve seen the emergence of various point solutions and SIEM systems. But these have either been too complex to deploy effectively or have not addressed the challenges at their root causes.

But Taylor says a new approach is emerging.

“There’s a new phase coming through, over the last 18 months. This is a culmination of the mistakes that were made and the ignorance surrounding these threats. We’ve seen many of these threats since the 90s. There were ransomware attempts back then – they’re not new. We chose to ignore it and focus on drugs and arms and other things.”

The good news is that a new approach is proving to be more effective, says Taylor. This is the use of SIEMs, but with greater intelligence. These are security intelligence systems built on top of SIEMs – which he says were a good foundation that wasn’t executed particularly well – but which also look at endpoint and user behaviour, external threat feeds, compliance and governance.

Taylor observed that at the recent Gartner Security and Risk Management Summit there were about 44 vendors with stands in the exhibition space. He estimates 40 of those were offering point solutions. Many of those will either be merged into other solutions, acquired, or copied into broader security solutions.

Important elements in building a security intelligence platform are the availability of data and programming expertise to get the artificial intelligence and machine learning right.

Taylor cited the consolidation we’ve seen in the network industry with a handful of large vendors dominating the market. He expects a similar market consolidation in security analytics.

“In five to eight years’ time, we’re going to see the culmination of many technologies coming under a broad front of three or four suppliers.”

While today most networks use a combination of firewalls, intrusion detection systems and other appliances, in future these will act as part of a broader security intelligence platform in which the traffic and activity they log is aggregated and analysed to produce actionable information.

The consolidation of vendors will facilitate that as there will be fewer different platforms to integrate.

In addition, there needs to be broader interaction in the business sector where security intelligence is shared. Although some industries do this, others are more guarded even when information sharing would be beneficial. For example, sharing information about ransomware attacks in retail could alert banks to increase their defences and tune their security intelligence solutions.

Taylor says this brings the discussion back to security being left with IT.

“It’s a half a trillion-dollar problem being handled by IT people. Executives say they’ve given the IT department $10M to spend to fix this. Nobody is going to be able to fix it because you can’t stop them from coming in. You need to build a sophisticated set of tools and have dialogue between parties sharing information. The more you talk about it, the more the hackers are going to be disappointed.”

Stories by Anthony Caruana