In The Art of War, a text considered by many to be required reading for those studying military and intelligence operations, Sun Tzu teaches us that “… if you know your enemies and know yourself, you can win a hundred battles without a single loss.”
In the cyber security community, we tend to put a lot of effort into knowing our enemies. We collect volumes of data about our adversaries at scales that would have blown my mind when I got into this space a few decades ago.
We build advanced analytics systems that allow us to study that data in order to categorize and understand their techniques. We share (admittedly, to varying levels of success) threat intelligence derived from that research. And, many times, in the end, we achieve (again, to varying levels of success) a decent communal understanding of our common adversaries.
But what’s next?
The gap we need to address next is powering a collective defense. We can learn from our adversaries here. They already have a collective offense. They exchange techniques and data more efficiently than many legitimate vertical industries in the world. The “Dark Web,” exploit kits, hacking communities – the adversary is organized against us and has been for a long time. They don’t reinvent the wheel.
And neither should we.
The next key steps in “collective defense” should not only be focused on the exchange of data and knowledge of our attackers. We’re already getting better at that. The critical evolution in our collective defense is the exchange of defensive tools and techniques. We need to team together to disrupt our adversaries.
Security practitioners, vendors and operators alike, need to leave the “proprietary” mindset behind when it comes to best practices, defensive mechanisms, and detection techniques.
One of the goals of Carbon Black, outside of our products, is to unite our community to empower the collective defense. We realize that there is a wealth of knowledge inside our customer base, and all of our customers will become more powerful if they can leverage each other.
To that end, we’re launching initiatives such as the Detection & Watchlist eXchange that will empower our customers to learn from each other and take immediate advantage of proven detection techniques right now. We’re working on ways to improve our products’ abilities to enable collaboration, not only around the data we have on our adversaries, but also around defensive capabilities.
Some of the smartest people I know work at Carbon Black. But there is no way they are as smart as all of us united as a community can be.