Content

Debate: Cybersecurity information sharing allows network defenders to stay ahead of adversaries.

FOR 

Rick Howard, CSO, Palo Alto Networks

Cybersecurity information sharing is the secret sauce that will allow network defenders to stay ahead of the advanced adversary. Just because it is hard to do does not mean that we should not pursue it. Adversaries are notorious for occupying underground forums for the purpose of, among other things, sharing ideas about what is working and what is not. It behooves network defenders to leverage that same kind of crowdsourcing for their own threat prevention missions. We can point to success stories like the FS-ISAC and the DSIE for leading the way to evolve the concept in terms of standards and operational efficiency. It needs to be better and organizations like the Cyber Threat Alliance are looking to scale information sharing for the masses by tracking some 5,000 campaigns in real time and automatically distributing prevention controls to the deployed customer base. The information sharing community has obstacles to overcome, for sure, but they are not insurmountable. The benefits far outweigh the negatives.

AGAINST

Chris Drake, CEO, Armor

At this time – I'm not a believer that cybersecurity information sharing will move the needle in getting ahead of cyber threats. Benjamin Franklin nailed it, “Well done is better than well said.” We have a major crisis going on with cybersecurity and information sharing is not one of them – it is action, and having trained security professionals to protect our critical cyber territory.  You cannot win wars with satellites that gather intelligence – you must have boots on the ground with a strategy to use that intelligence to out maneuver the threat. Information sharing is a satellite view of cybersecurity and we are grossly short of professionals who can strategize, implement, monitor, and refine cybersecurity across their organization. We should also shine light on the fact that the root cause of most breaches is flaws in the software and hardware used to deliver cyberspace.  Until we refocus computer science and engineering degrees to REQUIRE a security foundation, like we do for civil engineers who build bridges, we won't win the cyberwar.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.