It’s time for cyber security teams to play the collaboration game


If you're a tad sceptical about the value of collaborative approaches to producing security-related technologies, you need look no further for confirmational evidence than one of the most prodigious platforms on the planet: the Dark Web.

There, you will find a criminal fraternity running thousands of marketplaces in which they are making available tens of thousands of collaboratively-produced, open-source hacking tools at any one time.

To say these hackers are successful at collaboration would be the height of understatement: such tools have helped triple the number of cyber security breaches in the finance sector between 2014 and 2017, according to US-based market researcher The Ponemon Institute.

Pitted against this illicit onslaught are the cybersecurity software firms who supply banks and finance houses with technologies designed to keep the hackers out. Unfortunately, all too often, these vendors develop ingenious but proprietary cyberdefence technologies and they do not share them with outside experts who can improve them adaptively as the threat landscape evolves.

This model simply cannot continue, delegates to the recent FIX EMEA Trading Conference in London heard. The cybercriminals are just too agile in their approaches for set-in-stone proprietary solutions to make any kind of difference to today's ever-changing threats.

What's needed instead, the conference heard, is a fresh collaborative approach that sees telcos, security software vendors and finance sector firms work together to forge the best ways to cope with more devious malware, data breaches, network intruders, social engineering attacks and insider threats, an ever-increasing attack vector.

"Collaboration is very important as information security is a very big subject, and you can’t cover everything yourself," a panellist on the ‘Mitigating Cyber Risk’ session told the audience. Being able to work together and share threat intelligence "really ups your game," he said.

One way to up your collaborative game, said another panellist, is by war gaming, or "red teaming", threat scenarios with colleagues in the industry.

He explained to the audience that in red teaming, which is attack-based penetration testing, you can attack from any area, and you can use almost any technique you like, so it has to be extremely well controlled. In this way, it is a really effective way to highlight systemic risk areas.

At Telstra, we think one aim of such collaborative approaches is to turn cybersecurity development into an information sharing, open-source activity that's ready for any online threat - with the approach being pretty much that of a team sport (for more on this see our webinar on collaboration here). This addresses the top security challenge identified in the Telstra Security Report 2018, which is detecting and responding to threats in a timely fashion.

So how is our community-led, partnership-minded work manifesting itself? In a variety of collaborative projects, such as the Apache Metron big data security analytics platform we have developed alongside Silicon Valley's Hortonworks. That has created a fully productionised platform that is already deployed in two of our Security Operations Centres (SOCs), in Sydney and Melbourne, and it will soon be up and running in the London SOC, too.

On top of this, we are open sourcing our Advanced Security Analytics platform, which seeks out unusual behaviours and anomalies in networks that could suggest a breach or some kind of attack in the making. This will allow collaborators to write their own algorithms to perform such detections – taking account of changing attack and exfiltration strategies.

We plan many more such ventures – especially as algorithmic code is contributed via GitHub and begins to make a real difference, as we expect that success to encourage even more collaborators to join the fray.

The co-operative model is how malicious inhabitants of the Dark Web work: they distribute criminal tasks amongst their number, work on new code and then stitch the pieces together in new attack payloads. But adopting collaborative tactics and techniques in banking and finance security will give us a leg up to defend against them.