July 24, 2020 By Anshul Garg 4 min read

Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to each other as a broader force. Thus, while innovation may happen for individual products, that innovation may not flow through a client’s work. Customers are hurt by a fragmented security landscape that may create gaps threat actors are ready to exploit.

This approach cannot last. The cybersecurity industry needs to bring change and start collaborating.

State of the Industry

Cyberattacks are at an all-time high with 8.5 billion records breached in 2019 and ransomware attacks up 67% annually in Q4 2019, according to the X-Force Threat Intelligence Index. At the same time, attacks on operational technology infrastructure increased by 2,000%. One reason is that clients often operate with a lot of autonomy, while threat actors work together in a highly collaborative environment.

Innovation in the security industry continues to grow as more venture capital funding is poured into security. This leads primarily to new product announcements from vendors across the industry. While this is great for the industry, what benefit is this really bringing to the clients? From a client perspective, these innovations may help in the short-term, but also add to the complexity of their environments, which is their biggest challenge, according to a recent Forrester report.

Today’s security environment has grown too complex. A typical organization is using an average of 25 to 49 disparate tools from up to 10 different providers. These tools (and their data) may be on-premise, on a private cloud or on one or more public clouds. Add to this the growing skills gap, and clients have too many tools, too much data, and too few resources – which lead to problems with complexity.

Breach Case Study: Mirai Botnet

For example, the Mirai botnet relied on threat actors sharing ideas and plans. Mirai is a malware that turned networked devices running Linux into remotely controlled bots. Then, those devices were used as part of a botnet in large-scale network attacks. It mostly hit online consumer devices such as IP cameras and home routers. In 2016, threat actors used Mirai and Bashlight to initiate multiple direct denial-of-service (DDoS) attacks that led to major services being down. This in turn led to loss of revenue and damaged brand reputations.

However, the most disturbing issue in this case is not the only use of that specific malware. Threat actors later published the source code in Github, where it formed a foundation for more problems. Several threat actors used the code, built upon it and executed multiple other attacks.

What Can the Security Industry Learn from Threat Actors?

Let’s go back to the example of Mirai Botnet. What was more lethal: the creation of malware or sharing the malware code on Github and making it available to their entire community? The fact that the code was posted and used as a base for subsequent multiple attacks illustrates the highly collaborative spirit of the threat actor community.

Leveraging Open Source for Innovation

Let’s take a look at other IT technologies and how they have changed over time. Within the past decade, the industry saw a seismic shift in how businesses build, deploy and manage their application and workloads.

In every major technology category, from operating systems to applications and data management, we see an open approach fueling innovation. For instance, in the last decade or two, a sprawl of proprietary server operating systems (OS) caused management issues. Today, on the other hand, almost 68% of servers run Linux, which is an open-source operating system. Similarly, open source is used in over 40% of applications and data projects, based on an IBM analysis discussed in an on-demand webinar, “Improve Risk Management and Fuel Innovation with Open Security.”

We have all seen the gradual growth in adoption of containers. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in deploying, managing and scaling containerized applications. The open-source community has come together with some 4,000 developers working with Kubernetes, today. To put this into perspective, no single vendor can put 4,000 resources behind any single project.

Case in Point: Red Hat Ansible

An example of bringing open source to Security is Red Hat Ansible, an open-source community project sponsored by Red Hat. It helps security automation scale across applications, cloud services and development environments. This approach has worked well to address scale and interoperability concerns in DevOps. As a result, Ansible is the most popular open-source automation tool on GitHub, with more than 4 million downloads in February and 6,800 contributors developing and sharing additional automation modules to cover new and evolving use cases. This community led collaboration has led to exciting developments and updates, that are being shared at AnsibleFest 2020.

The New Frontier

If you look at some of the examples above, we can see how working in an open-source format solved the problem. For example, the complexity issues cybersecurity professionals face today are similar to the data center management issues faced a decade or two ago.

With open security, you’re no longer just trusting the vendor or even only your own developers and security experts. You have the entire community at your service. Other vendors or organizations, including universities and researchers, all are looking at the same code and improving it. They share methodologies and identify and fix problems much faster than could be done in-house.

One initiative already underway in this area is the Open Cybersecurity Alliance. Its purpose is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box. At the time of this article, there are 28 organizations who are part of the Open Cybersecurity Alliance.

Open security is driven by community led innovation and expertise. It leverages open standards, developed from open source projects. Think of a world where the security industry and end users unite in a fight against the adversaries. It would give the industry the power to collaborate and share threat intelligence, along with best practices on staying ahead of its adversaries. Open security can make it possible.

Register for the upcoming webinar to learn more about fueling innovation with open security

More from Risk Management

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Are we getting better at quantifying risk management?

4 min read - As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs.What approach do companies use today for cyber risk quantification? And how has cyber risk…

Cybersecurity Awareness Month: Cybersecurity awareness for developers

3 min read - It's the 21st annual Cybersecurity Awareness Month, and we’re covering many different angles to help organizations manage their cybersecurity challenges. In this mini-series of articles, we’re focusing on specific job roles outside of cybersecurity and how their teams approach security.For developers, cybersecurity has historically been a love-hate issue. The common school of thought is that coders are frustrated with having to tailor their work to fit within cybersecurity rules. However, many companies are embracing a security-first approach, and some developers…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today