All in it Together: Enterprises Join Threat Intelligence Alliances to Combat Security Risk
May 28, 2015
- Crowdsourcing in cybersecurity is not new, but it is gaining significant traction with heavyweight sponsors
- Enterprises can benefit from participating, with the potential value outweighing any perceived costs
It’s impossible for any one organization to keep up with every current security threat on its own. That’s why enterprises use tools and managed services from security vendors in the first place, right? But even those specialists who have invested millions in real-time security intelligence and analytics platforms, and/or armies of security analysts, can’t know or predict everything. That’s why numerous initiatives have been started to pool threat monitoring resources together in a cooperative fashion and on a large scale, using crowdsourcing techniques to protect the community as a whole.
On May 14th, IBM announced that more than 1,000 organizations across 16 industries are participating in its X-Force Exchange threat intelligence network, just one month after its launch. IBM X-Force Exchange provides open access to historical and real-time data feeds of threat intelligence, including reports of live attacks from IBM’s global threat monitoring network, to help enterprises defend against cybercrime. The company provided free access to its 700 terabyte threat database, including two decades of malicious cyberattack data from IBM, as well as anonymous threat data from thousands of its managed security clients. It already supports an average of 1,000 data queries from participating organizations each day.
Such a fast uptake reflects the steep rise in security consciousness within organizations recently. Companies are looking for various ways to upgrade their security intelligence and defense mechanisms, realizing that there is no single tool or process—or service provider—that can provide a complete solution. One way to gain an edge is to share information, but getting involved is not yet a “no-brainer” for every organization. Governments, for example, are among the most-attacked and most highly defended organizations, but they are not generally very eager to share their intelligence with the public. Other verticals facing tight compliance and high risk may also hesitate to share intelligence—not because they don’t want to benefit from the crowd, but because they fear disclosing any perceived weakness.
But IBM’s launch of X-Force Exchange would indicate most enterprises—including six of the world’s top ten retailers and five of the top ten banks, as well as the top ten companies across the automotive, education and high-tech industries—have moved past such concerns, deeming the potential benefits well worth any cost.
IBM’s initiative isn’t the first. HP’s Threat Central intelligence platform, rolled out in early 2014, is an intelligence-sharing community working together on threats and fixes, speeding up a traditionally slow process with automation and analytics. Six vendor partners and over 2,000 enterprises are participating in what amounts to a cooperative circle of trust. By focusing on use cases that can be heavily automated, Threat Central helps to free up people-time in participating organizations.
To be sure, enterprises should not see crowdsourcing communities as a replacement for their existing security tools and operations. But as they look to add to what should ideally be a multilayered approach, initiatives like those sponsored by IBM and HP can enable them to benefit from intelligence collected across a wide community, with deliverables in the form of strategic threat intelligence feeds that provide actionable security intelligence indicators. These programs have the potential to offer more than the packaged intelligence feeds available from vendors like AlienVault and CloudFlare, because of the potential scale of the communities, and the ability of participants to influence the vendors based on specific needs.