They lurk in the dark alleys of the Internet; they keep you awake at night; they are relentless and quite successful. They are the agents of cyber crime, cyber espionage, hacktivism and cyber terrorism.
They find and share zero-day vulnerabilities; they patiently research your organizations and your employees; they gather and share information; they infiltrate. And then… they strike.
So, how could you protect yourself against – and even prevent – their attacks? Perhaps we should turn to nature to find the answer…
When you think of it, nature is really an immense R&D lab that has been active for 3.8 billion years. We can learn a few things about cyber security from it.
“After 3.8 billion years of research and development, failures are fossils, and what surrounds us is the secret to survival,” says Janine Benyus, Founder of the Biomimicry Institute.
Let’s learn from a group that manages to thrive under near constant attack. They thrive in spite of threats; they thrive because they collaborate. Who are they? Trees. Yes, trees. Willows, poplars and sugar maple trees.
Two studies published in 1983 demonstrated that these specific kinds of trees can warn each other about insect attacks. Such warnings allow intact, undamaged trees to begin pumping out bug-repelling chemicals designed to ward off attacks against themselves and other nearby infested trees.
Somehow, the undamaged trees know what their neighbors are experiencing and they react to it. There is no magic; the trees simply communicate with each other.
But how can we as security professionals communicate more effectively with one another?
In today’s global economy, collaboration is not just a strategy—it’s essential to sustaining strong cyber threat defenses that are necessary for business success. Many companies are already sharing information through threat intelligence feeds and technology, such as Soltra in the financial sector.
Soltra’s standards-based open approach to STIX and TAXII offers new ways to communicate about threats. By adopting these standards and taking advantage of the threat intelligence feeds available from the community, law enforcement and commercial sources, organizations can regain the upper hand from malicious threat actors.
But the number of Indicators of Compromise (IoCs) is daunting, and they still need to be evaluated and prioritized to reflect those that are more pertinent to your specific business.
To be as efficient as possible in your threat detection and response, you need a system that can help you quickly sort the relevant and useful information from the noise, and help you prioritize and prevent attacks: threat intelligence is the answer.
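One way to sort relevant indicators from the noise, as an added example that is not from the original article or from Soltra. It assumes indicators arrive as STIX 2.1 JSON objects; the scoring policy, the `our_tags` sector tags and the sample feed are hypothetical and constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed STIX 2.1-style objects; ids, labels and patterns are made up.
FEED = [
    {"type": "indicator", "id": "indicator--example-1", "confidence": 85,
     "labels": ["financial-services", "phishing"],
     "pattern": "[domain-name:value = 'login.bank.example']",
     "valid_until": "2030-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--example-2", "confidence": 90,
     "labels": ["healthcare"],
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_until": "2030-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--example-3", "confidence": 95,
     "labels": ["financial-services"],
     "pattern": "[ipv4-addr:value = '203.0.113.9']",
     "valid_until": "2020-01-01T00:00:00Z"},  # already expired
    {"type": "indicator", "id": "indicator--example-4",
     "labels": ["financial-services"],
     "pattern": "[url:value = 'http://pay.example/x']"},  # no confidence, no expiry
    {"type": "malware", "id": "malware--example-5", "labels": ["financial-services"]},
]

def parse_ts(value):
    """Parse a STIX timestamp (RFC 3339 with a UTC 'Z' suffix)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def score(obj, our_tags, now):
    """Hypothetical policy: 0 means drop, higher means triage first."""
    if obj.get("type") != "indicator":
        return 0                       # only indicators are scored here
    until = obj.get("valid_until")
    if until and parse_ts(until) <= now:
        return 0                       # expired indicators are noise
    base = obj.get("confidence", 50)   # missing confidence treated as medium
    relevant = bool(our_tags & set(obj.get("labels", [])))
    return base * 2 if relevant else base // 2

def prioritize(feed, our_tags, now=None, floor=50):
    """Return (score, id) pairs at or above `floor`, highest score first."""
    now = now or datetime.now(timezone.utc)
    scored = [(score(obj, our_tags, now), obj["id"]) for obj in feed]
    return sorted((pair for pair in scored if pair[0] >= floor), reverse=True)

if __name__ == "__main__":
    for points, ident in prioritize(FEED, {"financial-services"}):
        print(points, ident)
```

The expired high-confidence indicator and the off-sector one both fall out of the queue, while the on-sector indicator with no stated confidence is kept at a lower rank.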
Finally, note that the solution is not just about communication and collaboration within companies and organizations but also amongst them. Either way, the best collaboration will reside in a well-integrated ecosystem of technology, people and processes.
Remember: trees don’t protect themselves in isolation; they communicate and collaborate amongst themselves. If they are able to warn each other about an attack, it is because they are of the same species and they are in proximity to each other.
In addition to putting in place robust security configuration management, vulnerability and risk management, and log and event management solutions, organizations would benefit from receiving and delivering threat indicators via STIX and TAXII.
When your organization serves intelligence via TAXII, you’re joining a global network of automated threat intelligence dissemination because others can now import your feed and use it to form their own curated content streams.
Taking clues from nature’s 3.8 billion years of R&D, and using robust technology and standards to communicate and collaborate, will help us thrive and be more resilient against cyber threats.