Discover Performance: HP Software's community for IT leaders // May 2013
Know everything: The growing importance of sharing security data
Jacob West, head of HP Security Research, explains why sharing security data widely and taking fast action are the new must-haves for effective enterprise defense.
Access to information is changing the way hackers do their dirty work. The Internet lets hackers be more specialized and more organized. Organizations must focus on information, too: collecting and sharing it, and automating appropriate responses to it.
HP has consolidated its premier research organizations, DVLabs, the Zero Day Initiative (ZDI), and HP Fortify Software Security Research, into HP Security Research. HPSR’s mandate is to conduct innovative security research, deliver actionable security intelligence to HP customers, and publish on security research from across HP, says Jacob West, the CTO of HP Enterprise Security Products and leader of HPSR.
“HPSR allows researchers in areas of security, ranging from vulnerability to malware to software security, to collaborate more effectively and to tackle new problems with a deeper bench of skills,” West says. “And HPSR will let HP communicate and collaborate even more effectively with industry and government organizations, to better help enterprises tackle security challenges.”
Discover Performance asked West how CISOs should be thinking about the way their organizations collect, analyze, and act upon security intelligence.
Q: How is the security threat landscape changing?
Jacob West: From a financial standpoint, as society’s dependence on technology has grown, so have the financial opportunities for malicious actors. The increased financial motivation for attacks has caused the threat landscape to evolve under traditional market forces. Today, many threat actors specialize in various types of exploits, automate these capabilities as broadly as possible, and then share these weaponized exploits with others on underground marketplaces.
Q: What effect are these changes having on enterprise security and strategy?
JW: Rather than focusing on a single threat actor or preventing a specific breach, organizations must seek out and develop security intelligence that allows them to understand the landscape broadly.
To keep up with the threat landscape, organizations need to share information and leverage technology. Many organizations purchase security intelligence related to malware outbreaks, newly discovered vulnerabilities, and the activities of various threat actors and the organizations they support.
With recent executive attention on security assurance and information sharing specifically from President Obama, there will be many opportunities for the government to share data with corporations and vice versa moving forward.
Q: What’s the state of the art in security intelligence gathering?
JW: More sophisticated companies combine externally licensed intelligence with their own gathered from internal sensors. The future lies in the ability of organizations to effectively share security intelligence with one another to shorten the lag between identifying a threat and mitigating it effectively.
Q: What prevents organizations from acting on data about potential threats?
JW: The biggest challenge in making security intelligence actionable is time. Data and systems move increasingly quickly, and the attackers that exploit them have learned to do the same. Attackers increasingly leverage advanced automation and technology that is developed by specialists and then resold on underground marketplaces.
The growing ability of the adversary means organizations must have near real-time visibility into the threats they must defend against. They must minimize the time required to go from knowledge of an adversary to the ability to mitigate, or ideally prevent, the attack. This is why intelligence delivered in a timely fashion through solutions that can take immediate action based on the intelligence is so critical.
Q: How are new technologies evolving to help organizations make security data actionable?
JW: Increasingly, security intelligence offerings are aggregating multiple sources of intelligence to provide more comprehensive views of the threat landscape. Many offerings combine open source intelligence publicly available on the Internet with proprietary or internal intelligence to build a more complete picture.
The industry trend is toward even more advanced technology platforms that will permit organizations to share near real-time threat intelligence with one another and to develop combined defenses that are more effective than any one company going at it alone.
Q: What are the biggest mistakes that organizations tend to make with regard to their security intelligence?
JW: Underestimating the value of sharing data and working on shared solutions is the biggest mistake an organization can make today. Secondarily, understanding how the intelligence an organization collects or acquires is translated into the actions needed to respond to an attack is critical. By focusing on these two aspects, sharing and taking action, organizations can greatly mature their consumption and application of security intelligence.
HPSR Director Jacob West is also CTO of HP Enterprise Security. For the latest report, blog posts, and innovations, visit HP Security Research and the HPSR blog.