The Power of the Crowd – Sharing Threat Intelligence in the Security Community

By Richard Kirk, Senior Vice President, Telecom and Service Provider Sales, AlienVault

When most people think of crowdsourcing, it is usually within a social context – i.e. sharing the latest news, gossip and trends. However, crowdsourcing can also be useful for information security professionals, allowing them to find out about new malware, malicious IPs, vulnerabilities and exploits. This is vital because no one vendor has all the answers.  However, when you pool their collective resources, such as event logs, firewalls, IPS/IDS, proxies etc, then you start to get a holistic view of what’s happening in the threat landscape and this can significantly improve your security posture.

This demonstrates the ‘power of the crowd,’ because in the security industry, it is not simply about one great expert, but rather the expertise of thousands of security practitioners who become the collective genius. And with the network of users and the community connected to modern platforms, sharing threat data in real-time, it can be done, and it can be even more effective in preparing everyone for the inevitable and growing barrage of attacks.

Despite the many benefits, there is a reluctance to share threat intelligence among some sections of the security community. One of the main factors contributing to this is that people are nervous about inadvertently exposing sensitive company information when sharing threat intelligence. While this is a legitimate concern for many, it doesn’t need to cover the entire spectrum of threat intelligence, because items such as hash values, suspicious IP addresses and domain names can easily be shared without exposing any internal information.

Whilst collaborating on threat data in the infosec community, there are three things we can do: identify who is attacking me, so if there is an attack on one of us, we all know about the attack and attacker. This is one of the most effective ways that threat sharing can benefit the entire group. To take this a step further, individuals can share stories on how they were attacked and how they might prevent different methods of attack; and finally sharing what we did to overcome the attack through the use of tools, policies and procedures. This is all the more important given that cyber attacks are growing by more than 50 per cent each year, and becoming ever more sophisticated.