Over the last few months, we have been running a series of webinars on the topic of Collaboration, discussing how enterprises should work together to better protect themselves against well-organised threat actors.
The first webinar explored the need to anonymously share threat analytics in real time, along with the benefits of and the barriers to doing so. It concluded that when industries are pooled together into collective information-sharing domes, the intelligence is richer and helps collaborators to identify threats earlier in the kill chain.
In the second webinar we touched upon Collective Defence as a strategy and demonstrated how one of our threat hunters can detect and isolate advanced threats that evade existing security solutions.
To conclude the series, I was joined by Iain Ashall, Head of SOC at ITC Secure, and John Ford, Cyber Strategist at IronNet Cybersecurity, to tie these various threads together and discuss how an enterprise can begin its journey towards Collective Defence and what it means to “enter the dome” – watch the webinar here.
Defending better together
The panel began by discussing why enterprises should collaborate within cyber security in the first instance. While enterprises have for some time relied on receiving information from a wide variety of sources for their threat intelligence, this is where the sharing traditionally stopped. There would be no passing of information between enterprises about how they dealt with those threats, meaning they would have to deal with each one anew and rely on the expertise of their own analysts.
Yet Collective Defence is a multi-directional model. An enterprise is not only sharing what it is doing with the information, but also benefits from being able to see how others are responding to it. As such, Collective Defence greatly increases our SOC’s ability to rapidly detect, triage and remediate threats as many are working as one to provide more context and value to the data.
There is also the advantage that analysts are improving their knowledge and expertise by being able to see how their peers deal with particular threats.
Behavioural analytics is at the core of Collective Defence
During the webinar we stressed that an effective defence is one that has depth. While prevention tools, such as anti-virus and firewalls, are necessary, they are only able to stop a small proportion of malicious traffic. This needs to be reinforced with behavioural analytics that can identify anything anomalous. Collective Defence supercharges this by looking at what constitutes normal behaviour on an enterprise’s network and comparing it to what looks normal to others in the same sector.
Collective Defence prevents ransomware collecting
Ransomware is on the rise. We’ve seen a 25 percent increase in ransomware between Q4 2019 and Q1 2020. The panel highlighted that the reason for this is that it offers attackers a perfect business model – easy entry, high return and low risk of getting caught. We went on to discuss how ransomware is being weaponised through targeted two-stage attacks. First the attackers steal the data and then they encrypt the network. If the mark is an enterprise in a regulated industry, the attackers will then threaten to reveal private data, which could end up costing an organisation more in regulatory fines than the ransom demand. Threat actors know this and set the ransom accordingly.
Being in a Collective Defence Dome prevents this as it enables our SOC to see in real time the early stages of an attack, regardless of which enterprise in the Dome is affected. They can then put in place appropriate measures to protect themselves, including patching and making backups.
Don’t be afraid to share
There are some companies out there who might be reluctant to share information with competitors. But as former CISO John Ford said in the webinar: “Companies might compete, CISOs don’t. We want to protect our companies.”
Collective Defence offers the next generation of cyber security to help enterprises protect themselves by sharing only relevant metadata. No confidential information such as intellectual property or anything that would violate regulations such as the GDPR is ever involved. The metadata is then anonymised and shared in real time.
At ITC our SOC is already seeing the benefits of Collective Defence through our partnership with IronNet. Its IronDefence technology and Collective Defence capabilities are an integral part of our managed service offering. There is an IronDome available and in use by healthcare customers and one for finance customers; other sectors are being explored.
We would like to invite any enterprise to join in this collaboration and add Collective Defence to their security strategy. The automation and real-time sharing of critical security data will make a huge difference to the defensive capabilities of any enterprise.