Palo Alto Networks is on board with industry-wide efforts to share threat intelligence and disseminate it so the collective knowledge businesses gather about threats can be quickly turned into defenses against new types of attacks.
Its efforts include support for the new federal Cybersecurity Information Sharing Act that lifts some of the liability businesses are exposed to if they share data about security incidents. If the data inadvertently reveals personal information but was submitted in accordance with the law, the contributor would not be legally liable.
The company is also hammering out the details of the Cyber Threat Alliance it formed last year to gather threat information from security vendors and researchers that can rapidly and thoroughly unmask current threats. The goal is to shorten the useful lives of attacks and put a heavier burden on attackers who want to stay in business.
Recently Network World spoke about this with Palo Alto’s CSO Rick Howard. Here is an edited version of that conversation.
What impact has the Cybersecurity Information Sharing Act had on your efforts?
The law basically gives [businesses that share intelligence] some relief in case somebody makes a mistake in intelligence sharing. So it’s too early to tell what sort of an impact that’s going to be.
Are you saying it’s going to take somebody to actually be challenged in court and have a ruling before CISA will be widely used?
Right. Until someone gets challenged on it, I don’t know how impactful the law will be.
What value, if any, will this type of information sharing have for you and your customers?
This is a fundamental thing that we have to get right. Palo Alto Networks believes it, I believe it, that we need to scale intelligence sharing massively in order to get ahead of the adversaries so yes, I encourage anything that will help us share intelligence better with our peers, with our competitors, with our friends - anybody.
We need to scale intelligence sharing massively in order to get ahead of the adversaries...
What are the advantages, specifically?
Let me talk about the initiative that we’ve been working on here. It’s called the Cyber Threat Alliance. My boss got three other CEOs of security vendors [Fortinet, Intel and Symantec] to group up and decide to share threat intelligence with each other. What we are pushing on is not just sharing malicious code with each other, although that’s what we’re doing right now. What we’d really like to do is share adversary playbook information down the kill chain, indicators of compromise, how the adversary thinks his or her way through their victims’ networks. Our experience is that the list of indicators of compromise in that playbook could be as small as 100 and as big as over 3,000 to 4,000 things that they do. What we want to be able to do is share that information with as many people that can consume it and push prevention controls out as automatically as we can.
Sign up for Computerworld eNewsletters.