Tuesday, 19 June 2018

The collaboration game - cybersecurity teams should be ready to play

A Knowledge Network article by Andy Mather, Financial Services and Emerging Technology at Telstra
Wednesday 06 June 18

If you're a tad sceptical about the value of collaborative approaches to producing security-related technologies, you need look no further for confirmational evidence than one of the most prodigious platforms on the planet: the Dark Web. There, you will find a criminal fraternity running thousands of marketplaces in which they are making available tens of thousands of collaboratively-produced, open-source hacking tools at any one time. To say these hackers are successful at collaboration would be the height of understatement: such tools have helped triple the number of cyber security breaches in the finance sector between 2014 and 2017…

If you're a tad sceptical about the value of collaborative approaches to producing security-related technologies, you need look no further for confirmational evidence than one of the most prodigious platforms on the planet: the Dark Web.

There, you will find a criminal fraternity running thousands of marketplaces in which they are making available tens of thousands of collaboratively-produced, open-source hacking tools at any one time.

To say these hackers are successful at collaboration would be the height of understatement: such tools have helped triple the number of cyber security breaches in the finance sector between 2014 and 2017, according to US-based market researcher The Ponemon Institute.

A fresh approach
Pitted against this illicit onslaught are the cybersecurity software firms who supply banks and finance houses with technologies designed to keep the hackers out. Unfortunately, all too often, these vendors develop ingenious but proprietary cyber defence technologies and they do not share them with outside experts who can improve them adaptively as the threat landscape evolves.

This model simply cannot continue. The cybercriminals are just too agile in their approaches for set-in-stone proprietary solutions to make any kind of difference to today's ever-changing threats.

What's needed instead is a fresh collaborative approach that sees telcos, security software vendors and finance sector firms work together to forge the best ways to cope with more devious malware, data breaches, network intruders, social engineering attacks and - an ever increasing attack vector, insider threats.

At the recent FIX EMEA Trading Conference in London, one panellist said: “Collaboration is very important as information security is a very big subject, and you can’t cover everything yourself”. Being able to work together and share threat intelligence "really ups your game," he said.

One way to up your collaborative game, said another panellist, is in the war gaming – or "red teaming" – threat scenarios with colleagues in the industry.

He explained to the audience that in red teaming, which is attack-based penetration testing, you can attack from any area, and you can use almost any technique you like, so it has to be extremely well controlled. In this way, it is a really effective way to highlight systemic risk areas.

Collaboration in action
At Telstra, we think one aim of such collaborative approaches is to turn cybersecurity development into an information sharing, open-source activity that's ready for any online threat - with the approach being pretty much that of a team sport. This addresses the top security challenge identified in the Telstra Security Report 2018, which is detecting and responding to threats in a timely fashion.

So how is our community-led, partnership-minded work manifesting itself? In a variety of collaborative projects, such as the Apache Metron big data security analytics platform we have developed alongside Silicon Valley's Hortonworks. That has created a fully productionised platform that is already deployed in two of our Security Operations Centres (SOC) in Sydney and Melbourne and it will soon be up and running in the London SOC, too.

On top of this, we are open sourcing our Advanced Security Analytics platform, which seeks out unusual behaviours and anomalies in networks that could suggest a breach or some kind of attack in the making. This will allow collaborators to write their own algorithms to perform such detections – taking account of changing attack and exfiltration strategies.

We plan many more such ventures – especially as algorithmic code is contributed via Github and begins to make a real difference, as we expect that success to encourage even more collaborators to join the fray.

The co-operative model is how malicious inhabitants of the Dark Web work: they distribute criminal tasks amongst their number, work on new code and then stitch the pieces together in new attack payloads. But adopting collaborative tactics and techniques in banking and finance security will give us a leg up to defend against them.

Telstra CEO EMEA, Tom Homer takes part in the keynote panel, Wholesale Transformation: Business (r)evolution in the digital age, at Carriers World in London on the 11-12 September 2018. To book your place click here

Since you're here...

...the Telecoms industry is characterised by constant change and evolution. That's why it's crucial for telecoms professionals to keep up-to-date with what is happening. Join 35,000+ of your peers and sign up to our free newsletter service today, to be in the know about what is going on. PLUS, as a member you can submit your own press releases!

See all membership options

Please enable JavaScript to view the comments powered by Disqus.

Newsletter signup

Quickly get on board and up to date with the telecoms industry