Companies Join Forces to Fight Hackers
Companies looking to bolster their defense against cyberthreats are finding strength in numbers.
With hackers and cyberterrorists becoming more advanced and breaches proliferating in both frequency and scale—and claiming victims out of some of the world’s biggest and most sophisticated companies—collaboration among firms has emerged as one of the key ways to fight back.
“It’s an arms race between attackers and defenders,” says Mark Clancy, chief information-security officer at securities-clearing firm Depository Trust & Clearing Corp. (DTCC) and the head of Soltra, a joint venture overseeing a platform that makes information-sharing easier. By banding together, companies can tip each other off about specific threats and vulnerabilities discovered within their networks, he says, “decreasing the cost of their defense while raising the cost of their attackers.”
The move toward greater collaboration represents a shift for many companies. Although the benefits of working together are cited often, many firms have been reluctant to share sensitive information about cyberattacks, fearing it might damage their reputations or tip off rivals to their strategies and plans.
But amid increased attention from Washington—President Barack Obama in February signed an executive order urging more collaboration between organizations in the public and private sectors—and a growing recognition of the consequences at stake, companies and industry groups have begun rapidly expanding the scope and potency of their information-sharing capabilities.
A focal point of the new cooperation is Soltra, a partnership between DTCC and the Financial Services Information Sharing and Analysis Center, or FS-ISAC, an industry group with more than 5,500 members, including the world’s biggest banks. As head of Soltra, Mr. Clancy is overseeing the development and adoption of an information-exchange platform called Soltra Edge, which collects threat indicators such as suspicious IP addresses or particular forms of malware from member organizations and uses a special programming language to automate the transfer of that information to other members.
Because Soltra Edge users don’t have to gather and scrutinize threat indicators manually via listservs, emails and spreadsheets, they can spot threats like malware in a matter of seconds, down from an average of seven hours, and take preventive measures such as blocking the source of the attempted breach before they are targeted.
“It’s a machine-readable way of describing who the bad guy is and what type of attack it is,” says Mr. Clancy.
Nearly 400 FS-ISAC members are active Soltra Edge users, submitting over 10,000 information requests to the repository every day.
“We’re already seeing some of the efforts start to pay off,” says Bill Nelson, chief executive of FS-ISAC. In addition to giving companies the ability to make faster decisions, instances of identity theft are on the decline, he says.
FS-ISAC’s cyberthreat repository—a central database that stores reams of member-submitted threat data—multiplied to more than 12 million indicators as of Oct. 1, a fivefold increase from a year ago.
With IT security vendors now working on ways to import threat data from organizations in the defense industry, as well as other sources, into the Soltra Edge platform, the size of the database and universe of potential collaborators is poised to grow. And that, experts say, will provide an even larger base from which threats can be detected.
Scoring The Threats
Soltra isn’t the only organization developing tools to make information sharing easier—and more valuable.
Hewlett-Packard Co. offers a cloud-based analytics platform called Threat Central that supplies subscribers with streams of cyberthreat intelligence customized specifically for them. Included in this customized stream is an “evilness” score from one to 100—with “100 being Satan”—based on the impact a particular threat is likely to have on that specific subscriber, says Ted Ross, director of threat intelligence at H-P.
For example, an active attack that involves extracting and reselling data may score higher for a retail business than for a company that doesn’t collect sensitive customer information.