If you ask any business leader what their goals are for 2020, at some level you’re likely to hear “innovation.” Innovation is essential for competing in the global economy because it helps businesses stay relevant and teams work more efficiently. This need for constant improvement is incredibly clear in the security industry, where both businesses and individuals seem to be responding to a constant stream of evolving attacks, compromises and credential theft.

Threat actors are masters of innovation. With every new defense that your business introduces, these actors come up with another vector or approach to circumvent it. In nearly two decades working in the security space, I’ve seen many, many new products introduced, each designed to help address the latest attacks. And still, attackers are successful. It’s mind-boggling. It’s frustrating.

Both threat actors and defenders have access to the same tools and techniques. They learn about them at roughly the same pace. So how are cybercriminals able to evolve their attack techniques so quickly? How are they able to maintain such a tight arms race with threat defenders?

I’m sure there is more than one answer to this question. However, one thing that threat actors seem to do better than defenders is quite simple: They collaborate. They actively work together on new attack code, improving techniques and sharing best practices. This is one area where we in the security industry can change our approach.

Taking a Cue From Our Adversaries

The multicloud enterprise is creating a significant challenge for security teams. As the business grows and changes by the minute, security vulnerabilities increase. And, as highlighted above, security teams are bombarded with new products and tools that are designed to address each new vulnerability, attack method and compromise. A study conducted by Forrester Consulting found that, on average, 52 percent of security products and 77 percent of vendors have been added within the last two years.

However, the challenge with these products is that they are designed to function individually. This closed, proprietary approach is fairly common for security tools, and the reasons for this vary by product or company. For some, there isn’t a clear incentive to work collaboratively with other tools. There may be competitive concerns, or perhaps the reason is simply that the APIs or standards don’t exist or work well. Whatever the reason, this siloed approach is putting enterprise security teams at a disadvantage.

In order to transform, our entire industry must think differently. We can follow the example set by other major technology areas and our adversaries: leveraging open, collaborative practices to react faster, respond more intelligently and fuel innovation throughout the business.

Here are four ways to get started:

  • Take advantage of open standards — Standards developed and maintained via collaboration and consensus help create an ecosystem across cybersecurity silos. Open standards such as STIX/TAXII and OpenC2 are helping vendors to share specific security data and insights. Currently, more than 50 cybersecurity vendors have adopted or plan to adopt STIX as a standard for data interchange.
  • Use open-source code — Open-source technology is a great way to quickly solve new problems or address gaps in commercial software. Collaborating on code provides new ideas vetted by industry experts. This combination of innovation, experience and expertise can be a great way to improve the effectiveness of your security ecosystem.
  • Gain insight from shared intelligence and analytics — Vendors, as well as the community, have started building tools to better create, share, collaborate on and use cyberthreat intelligence, as well as detections and analytics. These tools and data sets provide cross-platform ways to express data since proprietary formats are often too costly for enterprises to adopt and maintain. These trends will only accelerate, as any single defender or vendor will never be able to cover the entire threat landscape.
  • Share best practices — Best practice frameworks consist of guidelines and practices to manage cybersecurity risk. The cost-effective approach helps to promote the protection and resilience of critical infrastructure.

Beware of the Free Puppy

There is a lot to be gained from leveraging an open construct in security, but there are some cautions as well. For example, one of the biggest myths surrounding open source is that it’s free. While there may be no cost associated with a piece of code, it’s free like a puppy is free. Without proper care and investment, you can’t expect great results.

Open source projects require time, management and contribution in order to produce relevant and secure products. What’s more, these projects require constant input and improvement that only an expert community can provide. This creates a distributed trust model that strengthens the foundation of open projects.

Join the Movement for Open Security

Reimagining security as an open construct is the catalyst to reshaping our industry. An open framework is essential for helping enterprises accelerate innovation and making security teams more effective at fighting cybercriminals and threats.

Learn more about driving security into the fabric of your business

More from Cloud Security

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell

IBM Security X-Force Red took a deeper look at the Google Cloud Platform (GCP) and found a potential method an attacker could use to persist in GCP via the Google Cloud Shell. Google Cloud Shell is a service that provides a web-based shell where GCP administrative activities can be performed. A web-based shell is a nice feature because it allows developers and administrators to manage GCP resources without having to install or keep any software locally on their system. From…