
Year of Threat Intelligence Sharing By @ForeScout | @BigDataExpo [#BigData]

Bringing structure to the chaos of big security data

As we kick off 2015, I predict that this will go down in history as the year of the Threat Intelligence Platform (TIP). We say goodbye to the year of the advanced persistent threat (APT) in 2014, just as this time last year we waved adieu to mobile device management (MDM).

We've seen the security ecosystem evolve from all-in-one systems, to point solutions, to a bi-directionally integrated fabric that knits those silos together. This year that fabric will extend to community-based TIP systems that digest big security data.

TIP is in its infancy. Just a year ago, Gartner analyst Anton Chuvakin lamented in his blog that he couldn't characterize the new category without breaching non-disclosure agreements. But he credited Facebook with breaking the TIP ice, characterizing the new genre of point solutions as comprising three high-level parts: threat feeds, big data analytics and real-time response.

One area where TIP breaks new ground is its focus on community data sharing, and the concomitant requirement that threat indicators be standardized and exchangeable between different tools and systems. For example, many APT vendors can report indicators of compromise (IOC), but that data isn't easily used outside of the product that generated it. Sure, you can send everything to a SIEM and hope your rules work as expected, but with advanced persistent threats mutating at an alarming rate and attack methods constantly evolving, it's a never-ending cat-and-mouse game. The TIP vendors are working to deepen the utility of threat data interchange.

But TIP is not in the best position to knit together all data exchange across disparate point solutions and enable real-time response. If we look at the tools commonly deployed in the security ecosystem, we find firewalls, next-gen antivirus, spam filters, data loss prevention (DLP) solutions, network access control (NAC) systems, disk encryption, etc. All of these systems perform specific functions that could be augmented if they could learn from other tools or share what they know with them. Continuous monitoring and mitigation systems are already positioned to let these security components talk to one another, to expand where they can gather and exchange information, and to automate the response to threats, which is one of the key challenges facing IT security.

The community-based approach of TIP can add enormously to an integrated security ecosystem. This form of information sharing is well illustrated by a financial services use case. Many large banks contend with the same risks and threats, and typically deploy similar tools to reduce that risk, thwart those threats and strengthen their security posture. While the risks and threats are similar in nature, a specific attack can differ yet still have common indicators. If Bank A gets attacked, the methods, signatures and metadata about that attack can easily be shared with Bank B to help stave off similar future attacks, and Bank B can then reciprocate to other banks in the future.

Applying Big Data analytics to massive volumes of collected data to ferret out the threats is another area of innovation for TIP. It has been difficult to draw conclusions based on the information attackers leave, as many systems that could potentially use this data cannot effectively handle the vast amounts generated. We've seen many threat intelligence vendors emerge in 2014, all trying to figure out how to collect high volumes of data from different sources, fuse it, cut through the white noise, draw effective conclusions and then plug that insight into the systems that matter to large enterprises.

In 2015, we will likely see enterprises begin vetting these vendors. Though the technology and approaches to data exchange are not novel, the overall "secret sauce" that differentiates one vendor from another will be the defining factor in which solutions are adopted and which fail. In the end, an essential ingredient of the secret TIP sauce will be making these indicator lists manageable and relevant, adding crowd-sourced data to the mix and ultimately making the TIP a valuable source of reliable threat indicator data.

As with other technology-of-the-year products, the viability of any innovative TIP system or service will depend on a common language and a broad set of integrations. I expect to see TIP deployed in conjunction with an internal security platform that can already integrate disparate security solutions, make intelligent decisions, automate and accelerate responses, and apply that intelligence in the form of "what to block" and how to block it, and then automatically carry it out.

A real example: imagine sending all of your proxy, APT, firewall and intrusion prevention system (IPS) logs through a bi-directional security fabric to a threat intelligence platform that mixes in its existing crowd-sourced data, adds the secret sauce, boils mountains of inputs down to real risks and generates a feed of threat agents that is sent back to the security fabric, which automatically blocks those threats in real time throughout the network at different levels of the infrastructure.
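The two ideas above, indicators that are exchangeable across vendor formats and a feedback loop from logs to a block feed, can be sketched in code. This is an added example written for this page, not ForeScout's or the author's code; the three vendor record shapes, the log layouts and every indicator value are constructed, and the 0-100 confidence scale and the threshold of 70 are assumptions.

```python
import re
# Constructed indicators from three hypothetical vendor feeds, each in its own shape.
RAW_FEEDS = [
    {"vendor": "apt_box", "type": "ip", "value": "198.51.100.23", "score": 90},
    {"vendor": "community", "ioc": "ip:198.51.100.23", "confidence": "high"},
    {"vendor": "sandbox", "indicator": {"kind": "domain", "val": "Bad.Example"}, "conf": 0.4},
]

def normalize(rec):
    """Map one vendor-specific record onto the common (type, value, confidence 0-100) shape."""
    if "ioc" in rec:                          # community format: "type:value" plus a word
        t, v = rec["ioc"].split(":", 1)
        conf = {"low": 30, "medium": 60, "high": 90}[rec["confidence"]]
    elif "indicator" in rec:                  # sandbox format: nested dict, confidence 0-1
        t, v = rec["indicator"]["kind"], rec["indicator"]["val"]
        conf = round(rec["conf"] * 100)
    else:                                     # apt_box format: flat, already 0-100
        t, v, conf = rec["type"], rec["value"], rec["score"]
    return t, v.lower(), conf

def merge(records):
    """Fuse duplicates across feeds: keep the highest confidence and remember every source."""
    merged = {}
    for rec in records:
        t, v, conf = normalize(rec)
        entry = merged.setdefault((t, v), {"confidence": 0, "sources": set(), "sightings": 0})
        entry["confidence"] = max(entry["confidence"], conf)
        entry["sources"].add(rec["vendor"])
    return merged

# Constructed log lines from a proxy, a firewall and an IPS, each with its own layout.
LOGS = [
    "proxy: user=alice dst=bad.example status=200",
    "fw: action=allow src=10.0.0.7 dst=198.51.100.23 dport=443",
    "ips: alert sig=1234 src=198.51.100.23 dst=10.0.0.9",
]
ADDR = re.compile(r"\b(?:src|dst)=([\w.-]+)")

def correlate(merged, logs):
    """Count how often each known indicator is actually seen in the internal logs."""
    by_value = {v: (t, v) for (t, v) in merged}
    for line in logs:
        for val in ADDR.findall(line):
            if val.lower() in by_value:
                merged[by_value[val.lower()]]["sightings"] += 1
    return merged

def block_feed(merged, threshold=70):
    """Send back only indicators worth acting on: confident and sighted at least once."""
    return sorted(f"{t}:{v}" for (t, v), e in merged.items()
                  if e["confidence"] >= threshold and e["sightings"] > 0)
```

Run with `block_feed(correlate(merge(RAW_FEEDS), LOGS))`: the IP is reported by two feeds and seen twice internally, so it is returned for blocking, while the low-confidence domain is sighted but kept out of the feed.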

It's no secret that the attacks we are seeing are becoming increasingly sophisticated, and while TIP is no panacea, it will hopefully allow enterprises to minimize the impact the malicious user has on corporate networks.

While no one has a crystal ball to peer into and see what 2015's landscape will look like, one thing is for sure: hackers are becoming more sophisticated, and in order to stave off data breaches we need to be aggregating and sharing information. As the sportscasters say, the best offense is a great defense. And TIP is the latest page of the playbook.

More Stories By Robert McNutt

A systems engineer at ForeScout Technologies, Robert McNutt is a designer and architect of Network Access Control (NAC) solutions for global financial organizations, with ForeScout's award-winning CounterACT NAC appliance at the core. Prior to ForeScout, he worked as a senior network administrator at the New York Law School.
