For years, hackers have shared strategies with one another on how best to avoid data security tools and wreak havoc on information systems. To respond to hacks and other threats, chief information security officers (CISOs) can benefit from similar collective intelligence sharing of data security best practices, according to Stefano Zanero, president of Secure Network and director of ISSA International.
Sharing information protection strategies would help CISOs and others in the data security field, especially as resources continue to be scarce for many organizations, Zanero said. At the RSA 2014 Conference in San Francisco in February, Zanero sat down with SearchCompliance editor Ben Cole to discuss intelligence-driven data security and how CISOs would benefit from sharing information with one another.
You've spoken before about why the security profession should be proactive versus reactive. How can CISOs build defenses before threats materialize?
Stefano Zanero: This is getting more and more difficult by the day. It's actually a matter of exchanging information throughout the association and throughout the CISO field. Basically, we are learning that the bad guys are learning from each other. They are exchanging information, and they are actually much better at exchanging information and providing services for each other than we are. If we want to win this battle, the first thing that we need to do is to actually begin to learn from each other and to connect.
Being in touch with your peers is very important. If you look around us, where this is occurring at the RSA 2014 conference is not really happening in the conference rooms where there are speeches and talks. It's happening in the hallways, it's happening in the booths, it's happening outside the conference center, wherever people meet and exchange information.
What do you think is going to have to happen to make collective intelligence a reality? Are you seeing it happen now?
Zanero: It is not really happening now. It's definitely a needed step. Whenever you really need to do something as an industry, at some point someone's bound to provide it either as a service or as a community effort. In this case, it needs to be a community effort, so it will take a little bit of time to actually organize this response.
I don't know if it will come from a single source. I think all of the different organizations in this area -- professional organizations, industrial organizations, standards bodies, scientific and technical organizations -- are going to need to pull together their resources and to collaborate with each other. It's a profession with a very, very wide scope. There are different types of people involved. There are the C-level executives and there are the technicians. All these people need to exchange information with their peers in different forums and in different forms.
You mentioned applying analytics to security. What are some examples of this approach, and are there any obstacles to it?
Zanero: When you are faced with the modern problem of malware, for instance, you have very large collections of malicious data sets coming from all sorts of telemetries of antiviruses, and we are pulling this malware into enormous databases. What do we do with that, because we have very limited human resources to analyze those things? We need to resort to big data analytics and to figure out ways to automatically sort through those enormous amounts of malicious code, enormous amounts of attack traces, and to figure out what's really important, because we have very limited resources. Actually, the malicious guys have way more resources, way more time and way more people that are desperate enough to want to do this as a business.
We need to prioritize. In order to prioritize, we need to organize data that they're throwing in front of us. It's not just a matter of collecting. We've been collecting for a long time. It's a matter of making sense of that, and this is actually a very, very difficult challenge.
What are the emerging cyberthreats that CISOs should be most worried about? What are some security measures, techniques that are emerging to address that?
Zanero: The real big shift that we have seen in the last couple of years is from CISOs having to worry about economically motivated threats. Many CISOs have to worry about politically or strategically motivated threats as well.
Since the Internet is a unique environment where most of the components are actually built, controlled and managed by private organizations, the CISOs of these private organizations are in the line of fire. They're finding themselves more and more in the line of fire, sometimes in the line of friendly fire because their own state, in an effort to protect their citizens, actually may be sabotaging some of their assumptions about what is secure, what is not, and what is encrypted and what is not. This is a very, very serious change in the priority of any CISO, except maybe the smallest businesses. All of the large businesses' CISOs need to take into account this pragmatic shift. This is the challenge that we have for the next few years.