“What came first, the chicken or the egg?” is a metaphysical mystery. One step right below that, at least in my opinion, is: Who controls the information technology security agenda? Do security solutions arise because vendors believe their technology is required, because users make demands or because the environment forces the issue?

Security for the IT infrastructure is critical in establishing a level of trust for Internet activities. Determining the most effective security measures for combating modern threats, however, is a difficult task that can muddy the waters.

IT Security Innovation

Two decades ago IT security simply consisted of antivirus, firewalls, passwords and patching. Attackers found ways to overcome those simple solutions, which resulted in vendors producing more advanced defensive technologies. Many types of security products have been developed since then, but cybercriminals eventually develop capabilities to circumvent or neutralize these defenses. Then the cycle continues.

Innovation continues to occur on both sides of the equation. The interplay between users, defenders, vendors and cybercriminals has fostered the creation of a varied and diverse set of protection solutions. But is it possible to predict what types of innovations will be coming next?

The Next Big Thing on the Agenda

When you have been involved in IT security for as long as I have, people ask you what the next big thing will be. Is there something on the horizon that everyone will be talking about in the next year or two? Regrettably, my answer is typically an unsatisfying “I don’t know — it’s up to the attackers.”

Where cybercriminals will next concentrate their efforts is unknown. They have the initiative. It is only after new attack techniques are causing damage that security solutions tailored to thwart them are created; the vicious cycle of act and react continues.

Getting Ahead of the Curve

I’ve begun to believe that we’ve turned the corner. Defenders are now moving in a direction that could take much of the security initiative away from the attackers. The genesis for this change is partly a result of realizing that attackers have an advantage due to how they operate: They receive a force multiplier when they collaborate.

By sharing targeting information, vulnerabilities and tools, malicious actors are more effective. Collaboration has been a key component in their ability to stay one step ahead because they are collectively finding ways to bypass new security technologies.

The next major innovation in security isn’t a specific tool but an evolving mindset that the protection side shouldn’t go it alone. Defenders have taken note and are now growing their ability to collaborate, to share knowledge and defensive tools in order to improve response to threats, to have a better understanding of what is being targeted and to improve insight into malicious operations.

Improving information sharing can foster a sense of collective defense and enable a more proactive defense. By pooling threat trends, especially along industry lines, early warning is possible. This knowledge can aid in pre-empting attacks through vigilance and adjustments, such as creating new firewall rules, embracing virtual patching or closely monitoring privileged access activities.

The Two Exchanges

IBM’s collaboration efforts encompass X-Force Exchange and the App Exchange. With X-Force Exchange, IBM has opened up 700 terabytes of threat and vulnerability data to security researchers. This vast collection of information enables specialists to rapidly research the latest security threats, aggregate actionable intelligence — which encompasses IP address and URL reputation, Internet application profiles and malware information — and collaborate with peers. All of this allows organizations to see the bigger picture.

X-Force App Exchange is a marketplace for the security community to create and share apps. Third parties can create applications that will allow specialized data to be analyzed, processed and reported. Eventually the program will be extended to other product lines.

With these initiatives and those still to come, the attackers will soon no longer be driving the security agenda.
