A few years ago when I witnessed my 16 grandchildren scattered throughout the house playing the game Fortnite, I realized something: Even if they had been playing from their respective homes, they would have still been collaborating and strategizing, just as effectively, to survive on the island. This was collective defense at work.
When it comes to defending against cyber attacks, we need to do battle as a team. I don’t mean to imply that Collective Defense for cybersecurity is child’s play, a game. Unfortunately several major cyber attacks over the past year, including the SolarWinds incident and the Colonial Pipeline ransomware shutdown, suggest otherwise. But we can look to the underlying aspects of this collaborative approach to change the current cybersecurity playing field, which simply isn’t working.
Based on my experience with the U.S. Cyber Command, I can say that the offense always won by actively creating new exploits, constantly modifying malware, massively scaling at a level that’s almost unimaginable, and escalating to nation-level attacks employed by Russia, China, Iran, North Korea — and many other rogue, non-nation state actors.
Cybersecurity defense that brings together organizations, states, and nations in a real-time network to defend against cyber attacks is the only way to compete against these adversaries and rampant ransomware gangs that just won’t quit.
My commitment to the Collective Defense mission is even deeper today than when my co-founders and I first set out to build IronNet in 2014. Now we have significant like-minded customers on board who have joined the mission, including energy leaders such as Southern Company and American Electric Power, financial firms such as NBH Bank and a sovereign wealth fund with a $300 billion portfolio, and MSSP partners such as ITC Secure.
President Biden’s meeting last week to discuss how we can improve the nation’s cybersecurity, where Southern Company CEO Tom Fanning called on the private and public sectors to work together, makes me especially determined to transform cybersecurity through Collective Defense.
To understand why we must adopt a new approach, we need to take a hard look at why current approaches to cyber defense aren’t working. Today, operators defend in relative isolation with only a narrow view of the network. This siloed and limited visibility makes it very difficult — nearly impossible — to understand the offensive strategy at play or, worse, the best defensive plan to mitigate the threats.
Although CISOs and SOCs may already share information “manually” via text, email, or phone, there is both lag time and the inability to see across the industry in near real time, at the same time. This business-as-usual approach to cyber defense provides a limited picture for defenders to plan their best moves as aligned stakeholders. All the while, the threat’s dwell time is expanding, and losses due to delayed response are piling up.
We need Collective Defense to shape the future of cybersecurity. With the IronNet Collective Defense platform, we can adopt a posture like that of air traffic controllers (or networked Fortnite survivalists) to see more and act quickly on the bigger picture, with situational context of where the threat is and where the attack campaign is heading. We call these insights attack intelligence: timely, relevant, and actionable threat information.
As the cyber “safe zone” is shrinking every day, we can defend it with the following elements:
Network detection and response (NDR) based on behavioral analytics
Let’s face it: false positives are the bane of every SOC operator’s existence. Behavioral analytics driven by machine learning can improve detection efficacy, but math alone is not enough. We need human intuition and insights augmented by world-class AI and ML techniques to be effective. IronNet’s Collective Defense draws on an expert system that takes the experience of some of our nation’s top cyber defenders and combines those insights with advanced AI/ML. It is only with these capabilities in a highly scalable NDR system that cyber defenders can keep up with determined cyber adversaries that have almost unlimited budgets and time to attack enterprises every day.
Real-time knowledge sharing
From the situational context, knowledge sharing can happen in near-real time through crowdsourcing and immersive user interfaces of the threat landscape. One of the frustrations when I had Cyber Command was that we couldn’t see attacks on our country. With automatic, machine-speed threat sharing and collaboration between public and private enterprises, we now can arm the commercial sector with the ability to see threats, share that knowledge with each other, and anonymously share that information with the government so that they can use all the levels of power at their disposal to defend the nation.
The U.S. Cyberspace Solarium Commission issued the following call to action in March 2020; today, we are much closer to realizing that mandate:
“The U.S. government and industry ... must arrive at a new social contract of shared responsibility to secure the nation in cyberspace. This ‘collective defense’ in cyberspace requires that the public and private sectors work from a place of truly shared situational awareness and that each leverages its unique comparative advantages for the common defense.”
Just listed as a public company (NYSE: IRNT), IronNet is scaling this mission in the U.S. and globally. Defending as a unified front is the only way to turn the tides back in favor of progress and prosperity brought on by innovative digital transformation. Cyber adversaries share attack methods, tools, and insights with each other to improve their offensive capabilities. Isn’t it time that cyber defenders do the same?
Defenders currently do work together, but unfortunately this often happens in an ad-hoc manner with a small subset of individuals. What if we could collaborate at scale? That is what Collective Defense aims to do: to enable communities of public and private companies within a supply chain, industry, state, or nation to work together against a threat in real-time.
The ability to pool knowledge and to leverage shared insights improves cyber detection and risk mitigation for the Collective Defense community, and it prevents the attacker from reusing the same TTPs to “cherry-pick” enterprises individually as they do today. Anonymously sharing these insights with the government allows the government to take action against that threat at the national level in order to neutralize or lessen the impact of the threat to enterprises under their jurisdiction.
Training and human intelligence
As AWS CEO Andy Jassy has said, “There is no compression algorithm for experience.” The human part of the cyber defense equation, driven by the field’s top cyber analysts, is critical. It is not just deploying security tools but also exercising your team’s ability to detect and respond to simulated threats and to practice how to work with peers to defend against that threat. Training and great people are the key elements of successful teams. It is what many of us at IronNet have done prior to joining the company. It is what we do today. I am proud of the expert DNA that is at the heart of IronNet: our cyber hunters, red team, engineers, and data scientists represent the best in the industry. At the end of the day, the technology has to be top-notch, but combining the technology with human curiosity and expert intuition is the real game-changer.
The inherent nature of this networking approach to cybersecurity is a defensive posture. Cyber attacks are rampant, constantly changing, and laser-focused on the payoff (such as intellectual property, the backbone of our thriving digital economy). Without question, we need Collective Defense. Armed with behavioral analytics and near-real time knowledge sharing, we can act more proactively and strategically to win the cyber war together, battle by battle.