July 24, 2020 By Anshul Garg 4 min read

Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to each other as a broader force. Thus, while innovation may happen for individual products, that innovation may not flow through a client’s work. Customers are hurt by a fragmented security landscape that may create gaps threat actors are ready to exploit.

This approach cannot last. The cybersecurity industry needs to bring change and start collaborating.

State of the Industry

Cyberattacks are at an all-time high with 8.5 billion records breached in 2019 and ransomware attacks up 67% annually in Q4 2019, according to the X-Force Threat Intelligence Index. At the same time, attacks on operational technology infrastructure increased by 2,000%. One reason is that clients often operate with a lot of autonomy, while threat actors work together in a highly collaborative environment.

Innovation in the security industry continues to grow as more venture capital funding is poured into security. This leads primarily to new product announcements from vendors across the industry. While this is great for the industry, what benefit is this really bringing to the clients? From a client perspective, these innovations may help in the short-term, but also add to the complexity of their environments, which is their biggest challenge, according to a recent Forrester report.

Today’s security environment has grown too complex. A typical organization is using an average of 25 to 49 disparate tools from up to 10 different providers. These tools (and their data) may be on-premise, on a private cloud or on one or more public clouds. Add to this the growing skills gap, and clients have too many tools, too much data, and too few resources – which lead to problems with complexity.

Breach Case Study: Mirai Botnet

For example, the Mirai botnet relied on threat actors sharing ideas and plans. Mirai is a malware that turned networked devices running Linux into remotely controlled bots. Then, those devices were used as part of a botnet in large-scale network attacks. It mostly hit online consumer devices such as IP cameras and home routers. In 2016, threat actors used Mirai and Bashlight to initiate multiple direct denial-of-service (DDoS) attacks that led to major services being down. This in turn led to loss of revenue and damaged brand reputations.

However, the most disturbing issue in this case is not the only use of that specific malware. Threat actors later published the source code in Github, where it formed a foundation for more problems. Several threat actors used the code, built upon it and executed multiple other attacks.

What Can the Security Industry Learn from Threat Actors?

Let’s go back to the example of Mirai Botnet. What was more lethal: the creation of malware or sharing the malware code on Github and making it available to their entire community? The fact that the code was posted and used as a base for subsequent multiple attacks illustrates the highly collaborative spirit of the threat actor community.

Leveraging Open Source for Innovation

Let’s take a look at other IT technologies and how they have changed over time. Within the past decade, the industry saw a seismic shift in how businesses build, deploy and manage their application and workloads.

In every major technology category, from operating systems to applications and data management, we see an open approach fueling innovation. For instance, in the last decade or two, a sprawl of proprietary server operating systems (OS) caused management issues. Today, on the other hand, almost 68% of servers run Linux, which is an open-source operating system. Similarly, open source is used in over 40% of applications and data projects, based on an IBM analysis discussed in an on-demand webinar, “Improve Risk Management and Fuel Innovation with Open Security.”

We have all seen the gradual growth in adoption of containers. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in deploying, managing and scaling containerized applications. The open-source community has come together with some 4,000 developers working with Kubernetes, today. To put this into perspective, no single vendor can put 4,000 resources behind any single project.

Case in Point: Red Hat Ansible

An example of bringing open source to Security is Red Hat Ansible, an open-source community project sponsored by Red Hat. It helps security automation scale across applications, cloud services and development environments. This approach has worked well to address scale and interoperability concerns in DevOps. As a result, Ansible is the most popular open-source automation tool on GitHub, with more than 4 million downloads in February and 6,800 contributors developing and sharing additional automation modules to cover new and evolving use cases. This community led collaboration has led to exciting developments and updates, that are being shared at AnsibleFest 2020.

The New Frontier

If you look at some of the examples above, we can see how working in an open-source format solved the problem. For example, the complexity issues cybersecurity professionals face today are similar to the data center management issues faced a decade or two ago.

With open security, you’re no longer just trusting the vendor or even only your own developers and security experts. You have the entire community at your service. Other vendors or organizations, including universities and researchers, all are looking at the same code and improving it. They share methodologies and identify and fix problems much faster than could be done in-house.

One initiative already underway in this area is the Open Cybersecurity Alliance. Its purpose is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box. At the time of this article, there are 28 organizations who are part of the Open Cybersecurity Alliance.

Open security is driven by community led innovation and expertise. It leverages open standards, developed from open source projects. Think of a world where the security industry and end users unite in a fight against the adversaries. It would give the industry the power to collaborate and share threat intelligence, along with best practices on staying ahead of its adversaries. Open security can make it possible.

Register for the upcoming webinar to learn more about fueling innovation with open security

More from Risk Management

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today