“What came first, the chicken or the egg?” is a metaphysical mystery. One step right below that, at least in my opinion, is: Who controls the information technology security agenda? Do security solutions arise because vendors believe their technology is required, because users make demands or because the environment forces the issue?

Security for the IT infrastructure is critical in establishing a level of trust for Internet activities. Determining the most effective security measures for combating modern threats, however, is a difficult task that can muddy the waters.

IT Security Innovation

Two decades ago IT security simply consisted of antivirus, firewalls, passwords and patching. Attackers found ways to overcome those simple solutions, which resulted in vendors producing more advanced defensive technologies. Many types of security products have been developed since then, but cybercriminals eventually develop capabilities to circumvent or neutralize these defenses. Then the cycle continues.

Innovation continues to occur on both sides of the equation. The interplay between users, defenders, vendors and cybercriminals has fostered the creation of a varied and diverse set of protection solutions. But is it possible to predict what types of innovations will be coming next?

The Next Big Thing on the Agenda

When you have been involved in IT security for as a long as I have, people ask you what the next big thing will be. Is there something on the horizon that everyone will be talking about in the next year or two? Regrettably, my answer is typically an unsatisfying “I don’t know — it’s up to the attackers.”

Where cybercriminals will next concentrate their efforts is unknown. They have the initiative. It is only after new attack techniques are causing damage that security solutions tailored to thwart them are created; the vicious cycle of act and react continues.

Getting Ahead of the Curve

I’ve begun to believe that we’ve turned the corner. Defenders are now moving in a direction that could take much of the security initiative away from the attackers. The genesis for this change is partly a result of realizing that attackers have an advantage due to how they operate: They receive a force multiplier when they collaborate.

By sharing targeting information, vulnerabilities and tools, malicious actors are more effective. Collaboration has been a key component in their ability to stay one step ahead because they are collectively finding ways to bypass new security technologies.

The next major innovation in security isn’t a specific tool but an evolving mindset that the protection side shouldn’t go it alone. Defenders have taken note and are now growing their ability to collaborate, to share knowledge and defensive tools in order to improve response to threats, to have a better understanding of what is being targeted and to improve insight into malicious operations.

Improving information sharing can foster a sense of collective defense and enable a more proactive defense. By pooling threat trends, especially along industry lines, early warning is possible. This knowledge can aid in pre-empting attacks through vigilance and adjustments, such as creating new firewall rules, embracing virtual patching or closely monitoring privileged access activities.

The Two Exchanges

IBM’s collaboration efforts encompass X-Force Exchange and the App Exchange. With X-Force Exchange, IBM has opened up 700 terabytes of threat and vulnerability data to security researchers. This vast collection of information enables specialists to rapidly research the latest security threats, aggregate actionable intelligence — which encompasses IP address and URL reputation, Internet application profiles and malware information — and collaborate with peers. All of this allows organizations to see the bigger picture.

X-Force App Exchange is a marketplace for the security community to create and share apps. Third parties can create applications that will allow specialized data to be analyzed, processed and reported. Eventually the program will be extended to other product lines.

With these initiatives and those still to come, the attackers will soon not be driving the security agenda.

Watch the video: Collaborate for Better Cybersecurity Defenses

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…