HP & AlienVault Use Threat Intelligence Sharing to Strengthen Defense

Using Threat Intelligence Sharing to Win Cyberwar

"Criminal attackers have a community," blogs Barmak Meftah, president and CEO of AlienVault, ahead of a speech this week; "they have long shared information quite successfully to facilitate their exploits... Couple this with the 'attacker’s advantage' of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against respected brand companies, despite their generous spending on security protection tools."

HP notes that despite a worldwide spend of around $46 billion on cybersecurity in 2013, the number of security breaches increased by 20% while the cost of individual breaches increased 30%. “Collaboration is fueling unprecedented innovation in the criminal marketplace, enabling the ecosystem of adversaries to stay ahead of our defenses,” commented Art Gilliland, senior vice president and general manager of enterprise security products. 

What both organizations are describing is known as asymmetric warfare, where one side gains an advantage by using significantly different tactics to the other. And both organizations advocate realigning the symmetry of cyberwar through defenders adopting similar tactics to the attackers – most notably through the sharing of information.

HP's approach is to enhance its HP Threat Central security intelligence platform. This platform, explains HP, "enables community members to share threat data and analysis, providing real-time intelligence on the adversaries, attack vectors, methods and motivations behind current threats." Now it is strengthening the platform with the introduction of the HP Threat Central Partner Network, which it describes as "a collaboration of security vendors who stand behind the importance of threat intelligence sharing across the industry to combat the adversary."

AlienVault is using a similar approach – taking an existing initiative (the Open Threat Exchange, OTX) and enhancing it through the new OTX Partner Program. "Through a new OTX Partner Program, announced earlier this week," blogged Meftah, "OTX will become even richer through the contributions of threat sharing partners Cegeka, GoGrid, Netflow Logic, Onsight, Risk I/O and ThreatStop, and conversely, their offerings will be enriched through access to the world’s largest crowd-sourced and collaborative threat exchange."

There is no technological reason why these two initiatives cannot be made to work together. HP's intention is to improve the sharing of threat intelligence. AlienVault's intention is to take shared threat intelligence and translate it into firewall rules that can be instantly used by 'members' to configure defenses to automatically and rapidly protect against new threats as soon as they emerge. In both cases, the intention is to get defenders to collaborate in defense as effectively as attackers collaborate in attack.
