Cybercriminals collaborate better than you – and it’s hurting your defences: IBM
- 11 December, 2015 10:13
Lack of effective collaborative mechanisms continues to keep CSOs struggling to keep up with nimbler and better-networked cybercriminals, a senior IBM security executive has warned as the company this week debuted a collaborative framework designed to empower companies to work together on cybersecurity.
Collaboration was a challenge that cybercriminals had long ago solved through the creation of communities of interest, often in hidden corners of the Darknet. Yet better-exposed corporations were still far less mature in their collaboration and sharing around security, IBM Security Services ANZ business unit executive John Vine Hall told CSO Australia.
“We know cybercriminals have their own methods of communicating and sharing ideas, content and capabilities,” he explained. “At the moment [businesses] don't collaborate and don't share information – and that's the fundamental advantage that the bad guys have. They're using every tool at their disposal to make sure they're doing bad things, and we're trying to put business on the same footing.”
The IBM announcement saw its Qradar security-analytics platform opened to third parties, with a range of app-development capabilities and a Security App Exchange that allows customers to both build and share new applications leveraging the company's extensive threat-analytics information.
While expanding the integration frameworks for QRadar allows third-party security providers to better integrate with the environment, wrapping these extensions into an accessible environment. Paired with an intuitive rules and app-development environment that Vine Hall said means there are “no skills required to go through the process of consuming information”, the platform is intended to provide a centre of gravity for collaboration around cybersecurity.
This approach will address what he says is the biggest issue within security environments which “is usually not a lack of data”. Collaboration would provide a forest-for-the-trees view that is often lacking in siloed IT-security environments.
“The issue is making sure you have context around what's going on,” he explained. “The reality is that most Australian businesses could invest 100-fold on what they are doing today, but given their limited view into what's going on in the cybersecurity world, they could never respond to it. It's way too dynamic for any one organisation to keep up with.”
Trading insights and new applications would “essentially give those customers, and anybody that wants to consume that information, a global capability that they couldn't otherwise get.”
The role of sharing and collaboration remains a tricky one within businesses, where IT security has traditionally been an internal affair and even mooted breach-notification legislation remains a contentious issue. Yet better threat intelligence is rapidly emerging as a great leveller, with even security body SANS Institute recently coming out to highlight the importance of better network threat detection in overall cybersecurity defences.
A new white paper, on the role of data analytics within the context of threat-detection, highlighted the importance of better threat detection in meeting the goals embodied within the Critical Security Controls (CSCs) set down by the SANS Institute and Center for Internet Security (CIS).
“The Critical Security Controls enable organizations to ensure they implement essential hygiene to manage risks,” Center for Internet Security CSO Jane Lute said in a statement, noting that an automated threat-analytics tool “has the ability to sit within the network and look for anomalous behavior – not just dependent on what it’s seen before but looking at how the network is operating, recognize it in real time, and allow mitigation to proceed in real time.”
When these capabilities are combined with the type of collaboration IBM is espousing, Vine Hall believes, the combination will empower companies to improve their cybersecurity response in new and far more effective ways than they've been able to do in the past. This is particularly salient given the federal government's investment this week in a range of cybersecurity-related innovation areas, including a $30m commitment to fund the establishment of a Cyber Security Growth Centre.
This culture of innovation will thrive in the context of tools facilitating better collaboration and innovation, according to Vine Hall.
“The intent is to both encourage development of Australian content and to make sure that we're collaborating,” he said, “but also that collaboration between security researchers and businesses is recognised by government as a key to our success in terms of combating cybercrime. That's the next frontier in terms of how we're going to be successful in combatting cybercrime.”