Eliminating Operational Blindspots with Incident Exchange and Collaboration

Date: Tuesday, September 20, 2016 - 11:30am
Topic: 

As cyber threats continue to outpace the capabilities of security operators, companies are facing the reality of balancing their limited cyber resources with expanding digital footprints. Today’s enterprise security model is based on ever-evolving endpoint security and monitoring technologies that require security teams to sift through a myriad of data and alerts. While automated threat intelligence and security analytics solutions continue to come of age and most certainly have their place, incident information exchange and cross-organizational sharing seem to be stuck in the 20th century. A growing number of security professionals agree that the most underutilized information in cyber security today is information about attacks that have already happened or are in progress. Outside of ad hoc efforts, companies rarely exchange this critical information with each other early enough for it to matter.

So why is there a sharing gap today? This presentation aims to start a discussion in the wider security community by covering:

    i.   Reviewing concerns that have held companies back from participating in incident exchange on a larger scale. We will discuss challenges around the reputational risk associated with inadvertently sharing attributable information about real incidents, concerns over liability and government regulation, and lack of trust in those with whom the information is being shared.

    ii.   How far does new legislation go in addressing incident exchange concerns? The Cybersecurity Act of 2015 encourages the private sector to share incidents among themselves, but the larger question of how this impacts your security roadmap remains.

    iii.   Operator-centric technology capabilities required for an effective incident exchange and collaboration platform. Privacy-preserving technology, visual analysis tools, and end-to-end encrypted collaboration capabilities are some of the fundamental building blocks that will remove the barriers to incident exchange. We will discuss industry efforts aimed at addressing these challenges.

 

Speaker: 

Shimon is the Director of Product & Technology at TruSTAR Technology. Throughout his career he has worked in technical and leadership roles on a wide range of cyber security initiatives in industry, government and academia. Prior to TruSTAR, Shimon was with Accenture Technology Labs, where he led cybersecurity initiatives focused on threat intelligence and the Internet of Things. Shimon has also served as a technical expert on US National standards and a delegate for the US National Body for ISO biometrics standards. He has authored a book and published over 15 technical journal and conference articles. He has also been invited to speak as a subject matter expert at IEEE conferences and hacker conferences, including Black Hat & ShmooCon. Shimon holds a B.S. in Computer Science, an M.S. with Specialization in Information Security, and a Ph.D. focused on Biometrics Security from Purdue University.