On 12 September, Fortinet, McAfee, Palo Alto Networks and Symantec announced a new industry partnership: the Cyber Threat Alliance. The collaborative effort is an interesting one, as it seeks to provide a platform for sharing the very information from which their bread and butter traditionally derives. The stated goal of the Alliance, as outlined in an accompanying white paper, is to share intelligence on vulnerabilities, exploits, new malware samples, and botnet command and control infrastructure. Undeniably, the escalation of complex and sophisticated cyberattacks that successfully leverage zero-days and botnets has rendered legacy signature-based antivirus engines almost obsolete in terms of defending against modern threats (although that is not to say antivirus is completely dead, as n00bcomers still need to cut their teeth on something on their way up the ladder).
While intelligence sharing has long been touted loudly by organizations and governments literally submerged in daily cyberattacks, the response has been hesitant and somewhat limited in providing effective relief. Many vendors have been trying to figure out how to counter this newer, more complex wave of unknown threats and its seemingly tentacular infrastructure. Some governments, although obviously keen to collect as much intelligence as possible, are held back by the fear of imposing undue constraints on the private sector, such as requirements to share intel or submit to audits (and the private sector has not been remiss in voicing the cost of potential regulatory burdens). Further, many organizations are still afraid of the stigma of being a victim, and of the perceived collateral damage this would have on reputation and revenue. This leads to even less awareness and understanding of the real danger and the actual level of threats, unwittingly reinforcing the stigma. And of course, intelligence sharing is a business much like any other – for both cybercriminals and security vendors. Having that information (on a zero-day, or on a prominent C&C center) means their solutions will have a higher rate of effectiveness.
Unfortunately, the current state of digital affairs is simply untenable. Any online presence, however large and well protected, or small and insignificant, is a target, not least because cyberattacks are increasingly automated. The success rate, over time and against countless targets, remains ostentatiously high for cybercriminals, prompting ever more to try their hand in this digital gold rush. Participation in the cybercrime economy is as competitive and cut-throat as in any high-stakes legitimate marketplace. And however well-developed a security product seems to be, and however deep its well of threat intelligence, the game is being slowly and painfully lost against cybercrime. When companies such as Target and eBay, or even security companies, cannot keep their heads above water despite their vast resources, then something needs to give at the market level.
The Cyber Threat Alliance appears to be one step in that direction. While it is not the first, hopefully it won't be the last. Unambiguous in their statement of intent, these four competitors obviously understand the greater impact their solutions can have when they pool their expertise and knowledge. The collaboration is also a shrewd business move. The cybersecurity market is saturated, with vendors eager to showcase their competitive advantage amidst a cacophony of other vendors from numerous different industries. Legacy and experience in the security market are no guarantee of future dominance as hordes of bright, quick and able start-ups steal the limelight. An alliance amongst behemoths looks like a future-proof strategy, with open access (limited by specific entry requirements) guaranteeing fresh intel as the Alliance grows. While the partnership will narrow the gap even further between these competing vendors, differentiation will focus even more rigidly on their respective security technologies and product performance, undoubtedly a benefit for the end-user. The strategic business advantage of the Alliance aside, the effort is one that is desperately needed in the face of widespread data theft. While it paints a truly worrying picture of cybercrime's success when such fierce competitors agree to join forces, the move also offers a small glimmer of hope that at least the market is ready to step in a more collaborative direction.