Today cybersecurity is experiencing a tectonic shift in strategy toward collective defense. We are standing at an inflection point in how we conduct cyber defense. In the face of highly sophisticated adversaries with seemingly limitless time and resources, individual organizations can no longer defend themselves sufficiently, nor should they have to, given the resources and technology now available to make collective defense possible. To mount an effective and affordable defense, we have to defend as teams across sectors, cities, states, and nations. Collective defense uses collaboration and information sharing in new and powerful ways to reduce risk and improve the societal, commercial, and governmental ecosystems every enterprise depends upon to thrive.
A tectonic shift in cybersecurity
While the idea of collective defense sounds practical — more people collaborating to defend in numbers — the idea is transformative for cybersecurity. It therefore is understandable that there may be some questions and perhaps confusion about how collective defense works; how to operationalize it; and why it is safer, more beneficial, and much needed.
One of the most common misconceptions about collective defense is the assumption that by working together in a collaborative way, you are giving away your competitive advantage. It’s worth taking a close look at this concern to set your mind at ease.
Collaboration over competition
It is unsettling, but sometimes true, that some organizations would rather see their competitors collapse from a cyber attack than work together in advance to confront common threats to the sector at large. Thankfully this attitude is rare. We can look to the example of what happens during the aftermath of extreme weather events. We’ve all benefited from energy company mutual support agreements during natural disasters. Your power comes back on faster because of teamwork. The next event may hit a different region of the country altogether, yet another company and population will benefit no matter where the disaster strikes.
In cyberspace, we face common threat actors and share global infrastructure. Working together benefits everyone in the ecosystem by keeping our shared cyber landscape healthy. A cyber attack on point-of-sale systems, inter-bank transfers, medical records, or the power grid hurts everyone, even competitors. We’ve seen sophisticated threat actors probe entire sectors looking for points of entry. Once in, they move laterally, either seeking to cause destruction or to gain covert access for later use.
Air gap or not, no computing device or network is truly isolated over its lifetime. Due to complex interdependencies in computing systems, cyber attack effects cascade and impact many. No single organization has sufficient analysts and threat intelligence to track all major threat groups and realistically monitor their activities in near real time. Through collective defense, by contrast, we now have such capabilities, which we can share between and across sector ecosystems.
If we keep operating as individual organizations in silos, we will lack visibility of key systems outside our immediate control. Within a mutual ecosystem, all stakeholders benefit from broader visibility across the threat landscape. For example, large companies don’t know the threats faced by the smaller partner companies they depend upon. Smaller companies cannot invest sufficient resources and have limited threat information sharing, so they too benefit from the visibility that only a collective defense ecosystem provides. Remember, large companies depend upon the smaller ones, directly or indirectly, and vice versa, in ways anticipated and unanticipated.
Efficiency gains across the board
Organizations of all sizes would save time and money through collective defense by avoiding redundancy and sharing resources. Tools like behavioral analytics, which automate detection and simplify threat hunting, are powerful, complementary amplifiers that can reduce cost and improve efficiency. What’s more, collective defense weakens adversaries’ ability to reuse the same Tactics, Techniques, and Procedures (TTPs) to “cherry pick” enterprises individually as they do today.
Threat information isn’t your competitive advantage; it benefits the sector at large, while also strengthening consumers’ and B2B customers’ trust in your own digitally transformed enterprise. True, how you operationalize threat information can provide a competitive edge. That is how it should be. To ensure progress, CISOs can measure the maturity of their organizations by how effectively threat intelligence is operationalized. Organizations can also measure the quality of the intelligence they receive, so that their company isn’t awash in a sea of marginally useful IOCs and wasting money on irrelevant noise. With insufficient intelligence, your threat team does not have the details to make appropriate assessments and recommendations. Additional context from a sharing partner will lead to more effective threat research and incident response teams, as well as build the reputation of your company. Collective defense is a win-win.
Collective Defense at IronNet
The information shared in IronNet’s Collective Defense platform isn’t public, and corporate data privacy is protected through anonymized data sharing and encryption in transit to and from the ecosystem. Useful threat information sharing does not disclose sensitive information about the internals of your network. By focusing on external threat actor activities, correlation, and anonymized alerts, we can provide a common operating picture for all participants, while preserving privacy best practices and meeting regulatory requirements.
The future of Collective Defense is bright for everyone. As the volume of data grows, so does its utility. Once a collective defense system gains enough critical mass, it becomes a highly valuable, multidimensional repository of anonymized information. Members of the collective then can generate multiple desired views of the data, based on their own particular needs. At the same time, Collective Defense raises the bar on securing the sector as a whole, in turn allowing individual participants to thrive in the digital economy.
To learn more about what Collective Defense looks like, check out this webinar that features IronNet Co-CEO and former Director of the NSA, GEN (Ret.) Keith Alexander, as he discusses in depth what collaboration can look like between the private and public sectors.