The National Retail Federation is responding to the recent breaches by establishing an Information Sharing and Analysis Center, or ISAC, for the retail industry, and the government is working on broad-ranging information-sharing initiatives. Meftah would like to see a more consolidated approach, he said.
“To the retailers, I say: Sure, create the ISAC that will bring you all together to discuss and share threat data,” Meftah said. “To the government, I say: Sure, encourage threat sharing between government agencies and the private sector.” He added, “I hope the trend towards threat sharing continues, and I hope we can broaden it to span industries, market categories, and geographies. The ISACs are great, but we need not to be myopic; you’ve got to believe the bad guys are thinking big and acting cross-industry. Like a neighborhood watch, we all need to be keeping an eye out for each other and sharing information that will help us protect our businesses and even our lives, better.”
He went on to suggest that threat data should be free and unrestricted. “There’s the conundrum when it comes to threat intelligence: There’s vendor-created threat intelligence and customer-created threat intelligence.”
Vendor-created is the data that comes from a vendor’s R&D lab and the supplemental data they might invest in. Customer-created threat intelligence is the data that flows back to the vendor from installations of their product.
“Ironically, customers end up contributing valuable threat data back to their vendors, then end up having to pay for this collective intelligence when it’s time to renew their product license,” he said.
Networks that facilitate the collection, validation and dissemination of diverse, crowdsourced threat data should return the information to the people, he asserted.
“Security industry: let’s lead the way,” Meftah proclaimed. “Let’s take that threat data we’re collecting through our products, combine it for greater insight, make it available without restriction, and give the bad guys a run for their money. Imagine how comprehensive our threat intelligence would be if even just FireEye, Symantec, Palo Alto Networks and Cisco got together – boy, you could cover the range of threat vectors.”
That mandate needs to come from the top of the government and enterprise food chain on down, he added. “Big retailers have the big budgets to invest in security, and large government organizations do too,” Meftah commented. “But the only way we can make the US – and I would argue, the world – less of a ‘target-rich environment’ for cyber criminals, is for all organizations to have the proper security products and threat-sharing capabilities in place.”