July 24, 2020 By Anshul Garg 4 min read

Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to each other as a broader force. Thus, while innovation may happen for individual products, that innovation may not flow through a client’s work. Customers are hurt by a fragmented security landscape that may create gaps threat actors are ready to exploit.

This approach cannot last. The cybersecurity industry needs to bring change and start collaborating.

State of the Industry

Cyberattacks are at an all-time high with 8.5 billion records breached in 2019 and ransomware attacks up 67% annually in Q4 2019, according to the X-Force Threat Intelligence Index. At the same time, attacks on operational technology infrastructure increased by 2,000%. One reason is that clients often operate with a lot of autonomy, while threat actors work together in a highly collaborative environment.

Innovation in the security industry continues to grow as more venture capital funding is poured into security. This leads primarily to new product announcements from vendors across the industry. While this is great for the industry, what benefit is this really bringing to the clients? From a client perspective, these innovations may help in the short-term, but also add to the complexity of their environments, which is their biggest challenge, according to a recent Forrester report.

Today’s security environment has grown too complex. A typical organization is using an average of 25 to 49 disparate tools from up to 10 different providers. These tools (and their data) may be on-premise, on a private cloud or on one or more public clouds. Add to this the growing skills gap, and clients have too many tools, too much data, and too few resources – which lead to problems with complexity.

Breach Case Study: Mirai Botnet

For example, the Mirai botnet relied on threat actors sharing ideas and plans. Mirai is a malware that turned networked devices running Linux into remotely controlled bots. Then, those devices were used as part of a botnet in large-scale network attacks. It mostly hit online consumer devices such as IP cameras and home routers. In 2016, threat actors used Mirai and Bashlight to initiate multiple direct denial-of-service (DDoS) attacks that led to major services being down. This in turn led to loss of revenue and damaged brand reputations.

However, the most disturbing issue in this case is not the only use of that specific malware. Threat actors later published the source code in Github, where it formed a foundation for more problems. Several threat actors used the code, built upon it and executed multiple other attacks.

What Can the Security Industry Learn from Threat Actors?

Let’s go back to the example of Mirai Botnet. What was more lethal: the creation of malware or sharing the malware code on Github and making it available to their entire community? The fact that the code was posted and used as a base for subsequent multiple attacks illustrates the highly collaborative spirit of the threat actor community.

Leveraging Open Source for Innovation

Let’s take a look at other IT technologies and how they have changed over time. Within the past decade, the industry saw a seismic shift in how businesses build, deploy and manage their application and workloads.

In every major technology category, from operating systems to applications and data management, we see an open approach fueling innovation. For instance, in the last decade or two, a sprawl of proprietary server operating systems (OS) caused management issues. Today, on the other hand, almost 68% of servers run Linux, which is an open-source operating system. Similarly, open source is used in over 40% of applications and data projects, based on an IBM analysis discussed in an on-demand webinar, “Improve Risk Management and Fuel Innovation with Open Security.”

We have all seen the gradual growth in adoption of containers. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in deploying, managing and scaling containerized applications. The open-source community has come together with some 4,000 developers working with Kubernetes, today. To put this into perspective, no single vendor can put 4,000 resources behind any single project.

Case in Point: Red Hat Ansible

An example of bringing open source to Security is Red Hat Ansible, an open-source community project sponsored by Red Hat. It helps security automation scale across applications, cloud services and development environments. This approach has worked well to address scale and interoperability concerns in DevOps. As a result, Ansible is the most popular open-source automation tool on GitHub, with more than 4 million downloads in February and 6,800 contributors developing and sharing additional automation modules to cover new and evolving use cases. This community led collaboration has led to exciting developments and updates, that are being shared at AnsibleFest 2020.

The New Frontier

If you look at some of the examples above, we can see how working in an open-source format solved the problem. For example, the complexity issues cybersecurity professionals face today are similar to the data center management issues faced a decade or two ago.

With open security, you’re no longer just trusting the vendor or even only your own developers and security experts. You have the entire community at your service. Other vendors or organizations, including universities and researchers, all are looking at the same code and improving it. They share methodologies and identify and fix problems much faster than could be done in-house.

One initiative already underway in this area is the Open Cybersecurity Alliance. Its purpose is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box. At the time of this article, there are 28 organizations who are part of the Open Cybersecurity Alliance.

Open security is driven by community led innovation and expertise. It leverages open standards, developed from open source projects. Think of a world where the security industry and end users unite in a fight against the adversaries. It would give the industry the power to collaborate and share threat intelligence, along with best practices on staying ahead of its adversaries. Open security can make it possible.

Register for the upcoming webinar to learn more about fueling innovation with open security

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today