Video Screencast Help
Security Community Blog

CrowdSourcing Intelligence

Created: 19 May 2014 • Updated: 21 May 2014
Tim G.'s picture
0 0 Votes
Login to vote

So I was reading this article earlier and I had some thoughts come to mind here.  I was going to share them on my LinkedIn account, but felt that this was not going to be a short update, nor would it be a "final thought" as I would like to have something with a little more meat and feedback to it.

So here goes.

In the article the author calls out some pretty interesting stats associated with credit card breaches, PII losses and the like.  None of these details should be news to you if you follow any of Symantec's reports like the ISTR or any other of our joint reports or other industry bodies’ reports for that matter. 

These reports will show you big numbers, which really show just how prevalent and dangerous all of this is.  And to be quite honest, if you want they can not only be intimidating, but that can be paralyzing and lead to ambivalence if you aren't really careful. 

In the end what the article is leading you towards is the idea that crowd sourced intelligence will help you prevent and overcome the issues with sole source information.  If you are only looking at your logs you only see what happened to you which is like running through the world with blinders on.

Apps like the one discussed in the article help create information sharing anonymously.  End users identify their known good and bad charges and this builds a breach profile.  There are some limitations here because you don't know who may be falsifying information, but things like this work remarkably well. 

In the end crowdsourcing intelligence is logical, sharing through trusted partnerships and brokerages that ensure measures of source validation as well as privacy protection and confidentiality is a necessity.  We are torn between the need to protect our constituents’ privacy and our own businesses.  And though these areas at times conflict, it's the establishment of 3rd parties that can create areas of obfuscation and allow the dirty transference of intelligence without formal attribution and loss of fidelity that protects us as business owners.  Public-Private partnerships are good at starting this but often lose funding over time.  Industry councils start with grand ideas, but can lose their way if they aren't guided well.

It's when everyone has some skin in the game these work best. Subscriptions services like DeepSight, Apps like the one described in the article, they provide an independent broker to ensure your information is secured, and that it is shared with other subscribers, other members of the crowd can see what has happened without attribution to you.  And better you can see what has happened to others without attribution to them, allowing you to be protected by sharing threat intelligence.