08 Mar Improved Cybersecurity through Collaboration
Technology evolves at breakneck speed. Perhaps nothing else in the world changes so often or so rapidly. Cybersecurity is no exception, but despite the rapid development of countless security technologies each year, security always seems to be behind the adversary. As quickly as new security products arrive, new threats emerge. One might even argue that threats appear much quicker, and in greater numbers, than the corresponding security controls.
As the world becomes more dependent on information and connected devices, the significance of cybersecurity increases exponentially. Obviously, we need to get better at safeguarding our devices, networks, and data.
Machine learning, analytics, and artificial intelligence have become important and exciting tools to combat cybercrime. New standards and regulations are also helping, and an increase in overall awareness of cybercrime is fueling an upcoming generation of security analysts. Another promising area is an increase in collaboration regarding cyber threats. Many believe that it is only through better global collaboration that we will be able to win the war against cybercrime.
Security analysts in different geographical and organizational domains often face the same cyber threats. They perform similar work, but independently: fighting the same ransomware, evaluating the same lists of security bulletins released by largely the same security vendors, and dealing with the same types of insider threats. Same challenges, just different locales. The settings may be separated by oceans, or just a wall between two departments.
Improved collaboration among analysts and security vendors might just provide the synergy we need to defeat cybercrime, or at least bring it under some level of control. Not only would it reduce redundancy, but the advance warning and information regarding high-severity threats could save billions of dollars annually.
There are a number of collaboration efforts already under way. The Cyber Information Sharing and Collaboration Program (CISCP) sponsored by the Department of Homeland Security serves as a hub of information sharing activities to increase awareness of vulnerabilities, incidents, and mitigations. A number of security vendors and organizations share malware information, and organizations are emerging to better help chief information security officers work together.
Security products are also improving their ability to collaborate with each other. Years ago, SIEM tools started pulling collaborative data from within a single organization and making it available to products and management tools within the company. Now we are seeing more and more instances where enterprise data rolls up to global networks of threat intelligence and is shared with customers around the world. Security vendors are also working with other security vendors in new and improved ways. For example, Fortscale just announced its Presidio product line, which makes an advanced, embedded UEBA engine available to security vendors for the first time.
Although we have a long way to go before collaboration among security teams becomes mainstream, the progress we’ve seen recently is providing effective results and gives us hope that the day will come.