Security vendors and end users have access to the same technology and resources as the threat actor community, if not more. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to each other as a broader force. Thus, while innovation may happen for individual products, that innovation may not flow through to a client’s environment. Customers are hurt by a fragmented security landscape that may create gaps threat actors are ready to exploit.

This approach cannot last. The cybersecurity industry needs to bring change and start collaborating.

State of the Industry

Cyberattacks are at an all-time high with 8.5 billion records breached in 2019 and ransomware attacks up 67% annually in Q4 2019, according to the X-Force Threat Intelligence Index. At the same time, attacks on operational technology infrastructure increased by 2,000%. One reason is that clients often operate with a lot of autonomy, while threat actors work together in a highly collaborative environment.

Innovation in the security industry continues to grow as more venture capital funding is poured into security. This leads primarily to new product announcements from vendors across the industry. While this is great for the industry, what benefit is this really bringing to the clients? From a client perspective, these innovations may help in the short term, but they also add to the complexity of their environments, which is their biggest challenge, according to a recent Forrester report.

Today’s security environment has grown too complex. A typical organization is using an average of 25 to 49 disparate tools from up to 10 different providers. These tools (and their data) may be on-premises, on a private cloud or on one or more public clouds. Add to this the growing skills gap, and clients have too many tools, too much data, and too few resources, which leads to problems with complexity.

Breach Case Study: Mirai Botnet

For example, the Mirai botnet relied on threat actors sharing ideas and plans. Mirai is malware that turned networked devices running Linux into remotely controlled bots. Those devices were then used as part of a botnet in large-scale network attacks. It mostly hit online consumer devices such as IP cameras and home routers. In 2016, threat actors used Mirai and Bashlite to launch multiple distributed denial-of-service (DDoS) attacks that took major services offline. This in turn led to loss of revenue and damaged brand reputations.

However, the most disturbing issue in this case is not that single use of that specific malware. Threat actors later published the source code on GitHub, where it became a foundation for further attacks. Several threat actors took the code, built upon it and carried out multiple other attacks.

What Can the Security Industry Learn from Threat Actors?

Let’s go back to the example of the Mirai botnet. What was more damaging: creating the malware, or sharing its source code on GitHub and making it available to the entire threat actor community? The fact that the code was posted and then used as a base for multiple subsequent attacks illustrates the highly collaborative spirit of the threat actor community.

Leveraging Open Source for Innovation

Let’s take a look at other IT technologies and how they have changed over time. Within the past decade, the industry saw a seismic shift in how businesses build, deploy and manage their applications and workloads.

In every major technology category, from operating systems to applications and data management, we see an open approach fueling innovation. For instance, in the last decade or two, a sprawl of proprietary server operating systems (OS) caused management issues. Today, on the other hand, almost 68% of servers run Linux, which is an open-source operating system. Similarly, open source is used in over 40% of applications and data projects, based on an IBM analysis discussed in an on-demand webinar, “Improve Risk Management and Fuel Innovation with Open Security.”

We have all seen the gradual growth in adoption of containers. Kubernetes is an open-source container orchestration platform that automates many of the manual processes involved in deploying, managing and scaling containerized applications. The open-source community has come together, with some 4,000 developers working with Kubernetes today. To put this into perspective, no single vendor can put 4,000 people behind any single project.

Case in Point: Red Hat Ansible

An example of bringing open source to security is Red Hat Ansible, an open-source community project sponsored by Red Hat. It helps security automation scale across applications, cloud services and development environments. This approach has worked well to address scale and interoperability concerns in DevOps. As a result, Ansible is the most popular open-source automation tool on GitHub, with more than 4 million downloads in February and 6,800 contributors developing and sharing additional automation modules to cover new and evolving use cases. This community-led collaboration has led to exciting developments and updates that are being shared at AnsibleFest 2020.

The New Frontier

Looking at the examples above, we can see how an open-source approach solved the problem. The complexity issues cybersecurity professionals face today are similar to the data center management issues faced a decade or two ago.

With open security, you’re no longer trusting only the vendor, or only your own developers and security experts. You have the entire community at your service. Other vendors and organizations, including universities and researchers, are all looking at the same code and improving it. They share methodologies and identify and fix problems much faster than could be done in-house.

One initiative already underway in this area is the Open Cybersecurity Alliance. Its purpose is to develop and promote sets of open-source common content, code, tooling, patterns and practices to maximize interoperability among cybersecurity tools. The aim is to simplify the integration of security technologies across the threat life cycle — from threat hunting and detection to analytics, operations and response — so that products can work together out of the box. At the time of this article, there are 28 organizations who are part of the Open Cybersecurity Alliance.

Open security is driven by community-led innovation and expertise. It leverages open standards developed from open-source projects. Think of a world where the security industry and end users unite in a fight against the adversaries. It would give the industry the power to collaborate and share threat intelligence, along with best practices for staying ahead of its adversaries. Open security can make it possible.
