Why collaboration is key to better security visibility

It’s no secret that information in the security world is constantly and relentlessly evolving. This makes it extremely difficult to come up with agile solutions to deal with attacks going on in the present, let alone those lurking around the corner…

Is your team asking the right questions and coming up with some decent answers about current threats and what’s coming next? Quite possibly. But, the thing is, nothing is ever going to be 100% secure and no single source of information can be expected to have all the answers.

Companies who have a willingness to take part in information sharing and discussing where they fit into the wider industry puzzle – solutions, threats, and otherwise – are going to have a better chance of being able to ask better questions and have a leg up on the bad guys.This blog post is going to look at how information sharing works, what its challenges are, possibilities for making it a more trusted process, and how collaborating will benefit the industry as a whole.

(P.S. I’m also sharing a big list of Twitter infosec peeps that are worth following if you’re interested in learning more about what’s going on in the industry).

So, how does this information sharing thing work?

I stumbled across this quote the other day and I thought it was a good analogy that made me think about the concept of information sharing a bit more clearly.

The article states, “In the same way that a conscientious commuter might report a particular traffic jam that he encountered for the convenience of other commuters, so also might a well-meaning company report a particular instance of a cyberattack that it encountered for the benefit of other companies.”  Kind of a cool way to look at it, right?

If I’m experiencing something in the real world that I feel it’s good to forewarn others about, why would I not want an avenue in which to share that? Say I’m the driver in the situation mentioned and I can share an alternative route for others to take in a quicker and safer way. Although this might be a simplified example for a more complex situation, it’s still the concept that if someone catches something bad happening that they have the ability to share it OR maybe they’ve already come up with a more proactive/creative approach to share before the issue becomes a factor affecting them at all.

If you’re looking for a more in-depth guide to sharing among organizations, check out the “NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing.”

What are the challenges that hinder this process?

Many companies are wary of sharing sensitive cybersecurity details outside of their own organization. There are concerns that lie in multiple areas, including:

• Not having enough education about what information sharing means
• A lack of understanding about what should be shared
• Concerns about type of information being shared and liability
• Not knowing what standards should be in place
• Communication barriers that stop people from being on the same page

Although there are still many barriers to information sharing, we need to keep making improvements in these areas as these efforts are important. This means continuing to make security education interesting an integrated into the lives of our users, working on knocking down the communication barriers by having standardized terminology, and putting things like the Chatham House Rule or more legalized NDAs in order for there to be a trusted system.

How does threat sharing benefit the community?

In the infosec industry the common goal is to keep the adversaries as far away from the “crown jewels” as possible. As networks, and attacks, and connectivity, and everything becomes more complex, advances in the way cybersecurity is handled needs to advance as quickly as it can.

With a “sharing ecosystem” type concept for information sharing the community can move forward with collaboration, correlation, detection, and prevention efforts. As lessons are learned, creative solutions are discovered, better best practices are being formed, and other improvements occur, the more all of these things are shared the more our community virtually shares intelligence costs and moves forward faster.

Author Angus Macrae sums it up nicely in his article Collaboration is Key to Information Security, stating, “Isolate, hoard, divide and fall or collaborate, share, unite, and win. The choice is ours.”

If Twitter is one of your information platforms of choice, hopefully you’ll take the time to check out some of the information being shared by these infosec pros. (Note: This list is by no means complete. If there’s a Twitter handle you feel should be added, please drop it in the comments box).

• @da_667 – I wrote a thing on building VM lab networks that was decently received. #HumanZoo
• @swiftonsecurity – I make stupid jokes, talk systems security, https://DecentSecurity.com  + http://GotPhish.com , write Scifi, sysadmin, & use Oxford commas. Sprezzatura. they/them
• @billford – Dad, maker, infosec, Splunk, bigish data, comics, geek stuff,dog person & awful programmer. Just because I retweet it doesn’t mean i believe, endorse or like it
• @hacks4pancakes – DFIR & OSINT gal, martial artist, gamer, marksman, humanist, Lv13 Neutral Good rogue. I write & tweet *very serious* things about #infosec. Thoughts are my own
• @evanderburg – Cybersecurity, Privacy, and Tech Leader, Author, Consultant, and Speaker, VP, Cybersecurity @TCDI http://tcdi.com
• @theroxyd – #infosec infra prob solver | http://github.com/roxyd/  | love #linux, penguins, RFCs, CVEs, hot pink, & @dobodave | tweets not mine I have opinions
• @secbarbie – Information Security Curmudgeon, Partner at @UrbaneSec, Certified Wine Butler, Fine Dining Lover, DJ, and forever student of life! #StarChaser
• @jack_daniel – BS Artiste Extraordinaire, Storyteller, Community Builder, Security BSides co-founder, Curmudgeon, Tenable, Shoulders of InfoSec, Security Weekly Podcast
• @jwgoerlich – A hacker strategist securing IT operations and software development. Chaotic good. INTJ. @MiSec, @ConvergeDetroit, @BSidesDetroit. Views expressed are my own.
• @pod2g – Security Researcher
• @nudehaberdasher – Ringleader of http://Illmatics.com  | Pittsburgh Panther H2P | Summercon Chairman
• @gcluley – Award-winning computer security expert, writer and public speaker. Fighting cybercrime since early 1990s. Co-host of @SmashinSecurity podcast
• @troyhunt – Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Online security, technology and “The Cloud”. Creator of @haveibeenpwned.
• @taviso – Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine.
• @gattaca – security type, speaker, breaker of things, bassist, dad, goon, creator of (-:|3 emoticon, @Forbes & @HuffPostraconteur, gentleman spy. Love my job @Akamai
• @mikko – CRO at F-Secure | TED Speaker | Revɘrse Engineer | Supervillain
• @joshcorman – Director Cyber Statecraft @AtlanticCouncil | CyberSafety Advocate | Philosopher | Strategist | Co-Founder: http://RuggedSoftware.org  http://IamTheCavalry.org
• @brianhonan – InfoSec Consultant, Blogger, Author, Founder & Head of Ireland’s CSIRT @irisscert, and Special Advisor on Internet Security to Europol. PGP ID 0xF1B5CF7D
• @USCERT_gov – We respond to major incidents, analyze threats, and exchange critical cybersecurity information with partners around the world.
• @schneierblog – Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a “security guru”
• @lennyzeltser – Advances information security. Grows tech businesses. Fights malware. // VP of Products @MinervaLabs. Author and Instructor @SANSInstitute
• @owasp – Our mission is to make application security visible so that people and organizations can make informed decisions about application security risk.
• @privacyprof – Infosec, privacy, IT|Tech Entrepreneur| President, SIMBUS360|CEO, Rebecca Herold & Assoc,LLC aka The Privacy Professor|Expert witness|THIS IS MY ONLY TWITTER ID
• @briankrebs – Independent investigative journalist. Writes about cybercrime. Author of ‘Spam Nation’, a NYT bestseller. Wrote for The Washington Post ’95-’09
• @beaker – Fitness culturist. Brazilian Jiu Jitsu black belt. Technosopher. Security Enthusiast. Porschephile. Curator, Muppet Drama. BBQ Snob. Tweets are mine alone.
• @mckeay – Akamai Security Advocate I never thought I’d say, I wasn’t paranoid enough. My opinions are my own, you can’t have them! Active Cyber Pathogen
• @gattaca – security type, speaker, breaker of things, bassist, dad, goon, creator of (-:|3 emoticon, @Forbes & @HuffPostraconteur, gentleman spy. Love my job @Akamai
• @k8em0 – Founder/CEO @lutasecurity . Bug bounty & vuln disclosure pioneer. ISO editor. Hacker. MIT Sloan visiting scholar. New America Fellow. Harvard Belfer affiliate.
• @rongula – President Gula Tech Adventures. Co-Founded Tenable Network Security & Network Security Wizards. 15+ years experience as CEO & CTO in cyber security industry.
• @selenakyle – protects platforms & people online. graphs the grey cybers: econ, risk, fraud, infosec, datasci @google #safebrowsingresearcher, designer, artist, & mathlete.
• @kindervag – Field CTO at Palo Alto Networks. Creator of Zero Trust. Former Forrester analyst.
• @ethicalhack3r – Founder of Dewhurst Security. Founder/Developer of @_WPScan_ and DVWA. Sometimes YouTube https://www.youtube.com/channel/UClkyjnEKSEfbFLN_95kZqhw …
• @window – Security Blah Blah Blah
• @mediaphyter – Raconteur. Powerhouse. Security Twits herder emeritus. Writer for @ZDNet Zero Day. Chief Marketing Officer. Music is my lifeblood. Obsessed with baby goats.
• @dejan_kosutic – Expert in information security management (ISO 27001 standard) and business continuity management (ISO 22301/BS 25999-2 standard)
• @infoseceditor – I’m Eleanor Dallaway, Editor of Infosecurity Magazine. Lover of weekends, animals, sauvignon blanc, seeing the world, sunsets, rainbows and the stars…
• @andrewsmhay – Devastatingly handsome security, DFIR, DevOps, cloud, business, and BBQ renaissance man. Former rugby prop, current rugby coach.
• @shpantzer – Information security and risk management advisor. Virtual CISO with interdisciplinary skillset to solve complex business and technical problems. Not CISSP
• @billbrenner70 – Sophos security scribe, dad, husband, author of THE OCD DIARIES
• @georgiaweidman – Author of Penetration Testing: A Hands-On Introduction to Hacking http://www.nostarch.com/pentes…  (use code GEORGIA) Founder of @bulbsecurity and @shevirahsec
• @aloriam – Data Security Czar for @flatironhealth by day, @NYU_CSE appsec prof and @sec_reactions by night. Clinically depressed and still well dressed. Not dead yet.
• @sec_reactions – When words aren’t enough, say it with animations. Curated by @aloria
• @jjx – Author, Speaker | VP of Engineering & Security | Top 10 Women in Security in SC Magazine | Dancer | Security diva | (ISC)2 Board | Mindfulness devotee
• @mckeay – Akamai Security Advocate I never thought I’d say, I wasn’t paranoid enough. My opinions are my own, you can’t have them! Active Cyber Pathogen
• @thegrugq -Security Researcher :: Cultural Attaché :: PGP http://pgp.mit.edu/pks/lookup?op=get&search=0xDB60C7B9BD531054 (Note: Broken links are not being removed as we wish to uphold the intent of this post.)
• @calebbarlow – Coach a gaggle of wild ducks @ #IBMSecurity – oh and Vice President of Threat Intelligence | tweets r own
• @daveshackleford – Opinionated security geek. Owner@Voodoo Security, faculty@IANS. VMware vExpert. SANS dude. Musician. Sybex author. Unofficial Twitter Fun Gauge for Infosec.
• @msuiche – Hacker, Founder @ComaeIo, @OPCDE, @CloudVolumes (now @VMWareAppVolumes) Contact: m@comae.io / keyID ECC46C54
• @ashk4n – I am a researcher focused on privacy, security, and behavioral economics.
• @mdowd – Internet Hacker
• @i0n1c – CEO of @Antid0tecom (former CEO of @SektionEins) (contact: twitter@antid0te.com)
• @tqbf – I’m losing my edge to better-looking people with better ideas and more talent and actually they’re really, really nice.
• @0xabad1dea – Infosec supervillain and insufferable SJW whose name kills computers. Fortune favors those who do the math. • she/her • I love many and I hate much
• @jonoberheide – Co-Founder and CTO at Duo Security, PhD at University of Michigan. Tweet here, @duosec, and @duo_labs.
• @matthew_d_green – I teach cryptography at Johns Hopkins.
• @kernelpool – Security Researcher at @azimuthsecurity
• @djrbliss – I break kernels.
• @infosecjerk – I want to educate you about security, but I’m not going to sugarcoat it. You make risky decisions and need some tough love. RTs of me are endorsements.
• @dangoodin001 – Ars Technica reporter. Signal number 650-440-4479. The world isn’t run by weapons anymore or energy or money. It’s run by little 1s and 0s, little bits of data.
• @nicolasbrulez – #Virus #HEXorcist. Armadillo PE protector co-coder. Reverse Engineering Rockstar. REcon trainer. Tweets are my own.
• @jesperjurcenoks – #cybersecurity #privacy #infosec#secops http://www.linkedin.com/in/jurcenoks Opinions are my own!
• @cesarcer – Professional Hacker & Cyber security Futurist. CTO, IOActive Labs, leading the team in producing novel research on Smart Cities, IoT & Robots Security. Hacking
• @0xcharlie – I’m that 0day guy
• @bascule – Software Engineer @Chain, formerly @Square. Tweets about cyber, crypto, infosec, distsys, cyber, blockchains, and cyber. Cyber.
• @ryanaraine – I write about hackers
• @nicoleperlroth – writes about hacking @nytimes | author of forthcoming @penguinbooks “this is how they tell me the world ends” | open dm | message me for signal #
• @kristinpaget – I hack things!
• @jeromesegura – Security researcher @Malwarebytes with a focus on exploit kits, malvertising and scams. Views are my own.
• @haxorthematrix – Paul’s Security Weekly Podcast and Blog, dedicated to providing the latest information security news, hacking and research. Haxor of things at InGuardians.
• @aionescu – Windows Internals Expert, Security Ninja, and Embedded ARM Kernel Guru.
• @boblord – CISO Yahoo, formerly Rapid7 CISO in Residence, Twitter alum.
• @dlitchfield – Author; computer security researcher; Scottish Powerlifting Champion M1/83kg; shark enthusiast; photographer; Brit & Scot,
• @securityshell – Web Application Security Engineer – former @RandomStorm / @Accumuli_Sec/ @NCCGroupplc
• @davemarcus – Chief Architect, Advanced Research and Threat Intelligence McAfee Federal Advanced Programs Group
• @aaronportnoy – Cyber Security @Raytheon | Former CTO/Founder of Exodus Intel | OG Pwn2Own organizer | Phrack author | MA native | Reformed bug killer
• @s7ephen – I write. I take photos. I break software. Built stuff that broke stuff at http://www.xipiter.com now building stuff that protects stuff at http://IoT.security
• @patrickcmiller – Patrick C Miller – Infrastructure & Industrial Security Advisor. Recovering regulator. Managing Partner at Archer Security Group (@archersec). US Coordinator at CCI (@info_cci).
• @stiennon – Chief Strategy Officer @blanccotech, Seasoned IT security industry expert and former Gartner analyst, author of “There Will Be Cyberwar.” Writing again.
• @stephenfewer – Founder of Relyze Software Limited and Offensive Security Researcher: reverse engineering, software vulnerabilities and consultancy.
• @dakami – We can fix it. We have the technology. OK. We need to create the technology. Alright. The policy guys are mucking with the technology. Relax. WE’RE ON IT.
• @kevinmitnick – Security Consultant, Public Speaker, & Author Whistling ICBM launch codes since 1988
• @mattblaze – Scientist, safecracker, professor, writer. 140 is the new 1536.
• @carlos_perez – Security Weekly Podcast, Infosec Táctico podcast, Microsoft PowerShell MVP, Metasploit contributor and all around techie. Opinions are my own.
• @csoghoian – Taking a twitter break for a year while I’m a TechCongress fellow. Back in January 2018.
• @justinelze – Hacking all the things
• @humanhacker – This is the official Twitter account of all things SEORG – The SEVillage, SEPodcast, and the official human hacker Twitter account.
• @jeremiahg – Chief of Security Strategy (SentinelOne), Professional Hacker, Black Belt in Brazilian Jiu-Jitsu, Former Yahoo!, and Founder of WhiteHat Security.
• @samykamkar – think bad, do good
• @dejan_kosutic – Expert in information security management (ISO 27001 standard) and business continuity management (ISO 22301/BS 25999-2 standard)
• @weldpond – Co-founder, CTO of Veracode. Former L0pht security researcher. Hackers make trouble.
• @sandra001 – Cyber security geek. Creates experiences that bring people together to discuss important technology, topics and policy @RSAC. My tweets = my opinions.
• @devsecops – Fusion of DevSec, DevOps and SecOps to make way for secure Innovation
• @juliettekayyem – 3 kids, 1 hubbie, a dog. Founder security company, Harvard prof, @CNN analyst, host @TheSCIFPodcast. Former DHS gov stints. Best-selling author of #SecurityMom®
• @runasand – Director of Information Security, Newsroom at @nytimes.
• @infosystir – #infosec Adult supervision required. Striving to learn/hack/teach. Co-host of @brakesec Author – http://oreil.ly/2aS3Jdm Quod me non necat me fortiorem facit
• @k8em0 – Founder/CEO @lutasecurity . Bug bounty & vuln disclosure pioneer. ISO editor. Hacker. MIT Sloan visiting scholar. New America Fellow. Harvard Belfer affiliate
• @teksquisite – Freelance writer, editor & “thought leader” seeking writing opportunities in information security. DM me
• @laparisa – Browser Boss @googlechrome; Security Princess @google; former @usds; skilled at baking, eating, and hijacking cookies.
• @moxie – This account is unmonitored, please get in touch by other means.
• @sggrc – I didn’t want to clutter up the corporate GibsonResearch Twitter account with lots of personal stuff. That’s what this one is for.
• @christinayiotis – #Cybersecurity Executive, Former Deputy General Counsel, Strategist, Cross Pollinator; Mom; Cook; World Traveller #InfoSec #InfoGov #Privacy#SocialMedia #Cyber
• @wendynather – Principal Security Strategist at @duosec. Recovering industry analyst and CISO. My opinions, let me show you them.
• @anton_chuvakin – Informail security #InfoSec – #SIEM / logs, security analytics, #DFIR, #EDR, threat intel … now VP & Distinguished Analyst at @Gartner_Inc
• @robertmlee – Founder & CEO @DragosInc | SANS #FOR578 & #ICS515 course author & Certified Instructor | nonres Fellow @NewAmCyber |@_LittleBobby_ writer | USAF Veteran
• @jason_healey – Cyber risk, national security, USAF veteran. Always, always believed in Tad Cooper. @ColumbiaSIPA
• @stiennon Chief Strategy Officer @blanccotech, Seasoned IT security industry expert and former Gartner analyst, author of “There Will Be Cyberwar.” Writing again.
• @unfoldmybrain – @hurricanelabs very broken marketing person | certified cynic that still believes in #infosec | emotional capacity on par w/ Spock | oh, and I’m actually Satan