Better information sharing is the future of security, experts say

Potential seen for more proactive security following release of free threat intelligence feed

By , Network World
February 24, 2012 06:00 AM ET

Network World - After having founded a software security company, selling it to HP and then working for them, Roger Thornton gained valuable insight into the evolving IT security threat landscape. So, naturally, he left HP and took on a new role in an entirely different sector, where he is taking part in an initiative that aims to bring the security community to new levels of information sharing.

Thornton is three months into his new position as CTO of AlienVault, which is known for its OSSIM (Open Source Security Information Management) tool, and more recently launched its Open Threat Exchange, a free security threat intelligence feed.

While AlienVault does offer a paid version of the Open Threat Exchange, or OTX, the company has made it free for organizations that connect to its network and submit their security data for analysis. AlienVault's research team uses a handful of threat monitoring tools, including vulnerability scanning and wireless intrusion detection, to aggregate its customers' network security standards. That data is then made anonymous by a set of researchers, who then anonymously submit the pertinent threat data to customers looking to gauge the potential for similar threats on their own networks.

Two emerging trends serve as the impetus behind the OTX. The first is the current reluctance to report security threat information among enterprises out of fear of giving competitors an advantage or suffering a public relations disaster. As Thornton put it, the OTX is "built like security guys would build it," because "there is no way, even if you broke into our systems, that you'd be able to track this information back to a specific customer instance."

The second trend that helped spawn the idea for the OTX is that of security threat information sharing, which Thornton has seen quite often among large enterprises that are unwilling to share with the rest of the community.

"One of the things I learned at HP and Fortify is that my very biggest customers, and we had back then every big bank and all the government guys, they do share threat information with each other. But it's very tight, little private networks," Thornton says.

Having seen "a lot of value from that sharing," Thornton took interest in AlienVault's crowd-sourced approach to threat intelligence for organizations that lack the resources of these larger banks and government institutions.

"We've got no beef with the security rich," Thornton says. "We just want to make sure everyone else has what they have."

Even in its earliest stages, AlienVault's OTX is being welcomed by the security community. Wolfgang Kandek, CTO of Qualys, says the OTX will be "tremendously helpful" to security professionals, for both its anonymous nature and the ability to gain visibility over an entire network of users.

"I honestly don't believe any companies are big enough to see everything and to have 100% valid information," Kandek says. "That's why I think the future is in information sharing."
