Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyberthreat intelligence sharing to go mainstream in 2016

Sean Duca, Regional Chief Security Officer, Asia Pacific, Palo Alto Networks | Jan. 4, 2016
As the world changes, both vendors and users must adopt a more proactive stance to sharing, lest they risk being left in the dust by those who do, says Sean Duca of Palo Alto Networks.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

In Asia Pacific there are lots of conversation about the need for more transparency when it comes to reporting on cybercrime.

With no overarching legislation governing the region, there is little assurance that what makes it into public knowledge, is an accurate picture of what the threat landscapelooks like in this part of the world. Challenges to do with the sheer geographical size of the region, including total number of internet users, which is higher than anywhere else in the world, along with differences in culture and language, and the priority individual governments give to cybercrime as an issue, all have a part to play in complicating this process.

Despite this however, we know that there is growing concern to clamp down on attacks in Asia Pacific, particularly in light of a number of recent high profile attacks targeting well-known brands and government in the region.

But why is information sharing important in Asia Pacific?
There are few areas of cybersecurity that present more promise than the concept of sharing threat intelligence to make online communities, and the Internet as a whole, a safer place.No single organisation is capable of achieving complete visibility into the threat landscape. But by joining together and sharing threat intelligence across the industry, we can enhance our collective immune system. The challenge, as is often the case, has been around putting that into practice.

There have been pockets of innovation, such as the Information Sharing and Analysis Centers (ISACs) or security vendors sharing intelligence between their customers. But as attackers continue to conduct successful cyberattacks around the world, this is clearly not enough. Current efforts provide value, but they are often cumbersome and only accessible to larger and more sophisticated security operations teams. There is essentially a high "barrier to entry," with manual analysis required to consume, verify, analyse and implement any changes to an organisation's policy, even with adequately shared intelligence.

This requirement has limited the number of organisations who share intelligence, meaning we have less of it available than we should. Now, imagine a world where every security team can turn their network into a sensor and automatically implement protections for new attacks as they happen. This puts malicious actors at a disadvantage, requiring them to spend immense resources to discover new exploits, construct new malware, and employ new techniques.

The past year has shown us early indicators that 2016 will be the year organisations in Asia Pacific truly embrace - and reap the benefits of - shared threat intelligence. We will see this change the way both security vendors and the security community at large operate. I anticipate three specific changes:

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.