It is well publicised that we are currently experiencing the highest rate of new security threats, and that they are becoming ever more complex to detect. Signature-based detection techniques on their own are ineffective against zero-day threats (previously unseen malware), so information gained from techniques such as Intrusion Detection (IDS) and Sandboxing (the monitoring of unknown files to prevent and alert if they try to do anything bad) is being utilised to try to identify previously unseen attacks.
Reverse engineering threats is extremely valuable.
Whilst the various devices and security solutions can successfully prevent attacks, there may not be enough information to wholly identify what the complete attack was. Getting the fragments and symptoms of an attack early enough to the various boffins in the threat research departments of these collaborating vendors is the key to piecing together an understanding of the threat, and then developing a suitable defence.
“Can we reverse engineer that threat and know what are the different components. That information is extremely valuable at the highest level”. John Maddison, VP Technical Marketing at Fortinet, has been pushing for more collaboration for a number of years. In an interview with Richard Stiennon for IT Harvest at RSA 2013, he underlined that sharing threat information as it’s discovered is essential: “…until we get to that point, people are only trying to score points by claiming different discoveries etc. I think the (US) government in some way needs to try and bring the security vendors together and maybe force some better cooperation of the more advanced technologies”.
An Infosec equivalent of the Justice League?
‘By collaborating on threat knowledge and preventative measures we can improve our capabilities against the ever growing and increasingly sophisticated cyber attackers’. (cyberconsortium.org)
Could we really be witnessing the start of a super-powered team-up in the Security Industry? There have been many variations of the DC Comics’ Justice League (itself fictionally and creatively inspired by the earlier Justice Society). In the main, the origin stories of the Justice League start with a collaboration by heroes including Superman, Batman, Wonder Woman, Flash, etc., that is driven by the need to defend against a new, previously unknown, alien threat.
These heroes each contribute their varying abilities, from Superman’s strength and Flash’s super speed to Batman’s intelligence and gadgets. And in their own comic book series, they have also usually performed their heroic deeds against bad guys in their own micro-verses – Batman in Gotham, Flash in Central City and Superman in Metropolis.
Similarly, security vendors have a variety of core strengths and have varying penetration across different verticals, sectors and markets. Being able to collaboratively identify the latest threat information, and then deploy teams to counter that threat would indeed be super.
Security VS Market Share. The big battle.
After the creation of the Justice League, an orbiting space station HQ (The Watchtower) was built to detect and alert against threats across the globe and from Space, and was also used as an operations centre to coordinate and deploy superheroes. With all the metadata going back to security vendors from their deployed appliances, endpoints or OEM’ed software, there are essentially already a number of cloud-based ‘Watchtowers’. However, with these Intelligence Networks being used by vendors to differentiate themselves from the competition in an increasingly busy market-space, to what extent can this collaboration succeed?
Infosec Partners, the first ever Fortinet ‘Partner of Excellence’ in the UK, are hopeful that this Cyber Defense Consortium initiative will succeed. Threats are coming in thick and fast and the benefits of collaboration are clear. Operating internationally, Infosec Partners understands how successful strategic partnerships can be, but also acknowledges that these collaboration agreements have to be carefully implemented. Working with select Business Consultancies and Systems Integrators globally, Infosec Partners deploys a network of Security Consultants and Experts to protect some of the world’s largest and most sensitive businesses as well as some of the world’s high-profile individuals and families.
“We also partner with companies that were previously direct competitors,” Fran Ordillano, Commercial Director at Infosec Partners, explains. “It’s the quality of the relationships built over the last 10 years that is responsible for Infosec Partners’ growing reputation as a trusted advisor. The synergy between Infosec Partners and the select companies it collaborates with is in part due to our shared belief in fundamentally helping the client.”
Through being an Infosec Partner, Consultancies and Integrators can offer an outstanding pool of experts, meaning that, unlike larger competitors such as ATOS and Accenture, the person actually advising the client organisation is not just highly certified and experienced, but also works effectively as part of the client’s in-house team, whether at Board or technical level. Hence collaboration between what could otherwise be competing entities actually leads to mutual growth, capacity and shared success.
This really is happening.
Whilst some sceptics might brush aside the notion of a Cyber Defense Consortium, and expect that the market share and lure of revenue dollars will K.O. the chance for any committed collaboration, the heads of Palo Alto and Fortinet are doing their best to drive assurance that this is really going to happen. We should also consider that most collaboration in the Security Market happens not through strategic partnerships, but because of Mergers and Acquisitions providing more consolidation in the industry. In fact, both Fortinet and Palo Alto have been earmarked over the last few years as prime candidates for takeovers. With both Intel and Cisco busy getting their ducks in a row following takeovers of smaller security vendors, there is still an appetite for companies with excellent products and channels.
In the meantime, any successful collaboration through the Cyber Defense Consortium can help us get better and faster solutions against these threats, and a nice by-product for these founding CDC partners would be increased company valuations. Visibly listening to and acting upon customer requests is one certain way that vendors can increase their perceived value. As Mark McLaughlin (Chairman, President and CEO of Palo Alto Networks) acknowledges, this was done in part to show that they listen to “…the demands from the industry for a coordinated response from their technology vendors”.
And with Ken Xie (Fortinet’s Chairman and CEO) extolling the benefits of combining “threat resources to offer customers innovative ways to more comprehensively combat modern day dynamic, sophisticated threats”, Infosec Partners expects that this announcement is not just a cynical marketing ploy, but is actually a plot for an origin story of the security industry’s Justice League (or an assembly of Avengers if you prefer the Marvel Universe).
NB. This blog article was previously posted by Infosec Partners on the 1st June 2014, and re-posted in order to be added to the new Infosec Partners newsroom.