While some may assume that IT security professionals can easily analyze a given attack, more sophisticated intrusions are proving headache-inducing for industry whizzes.
“A lot of what a breach is revolves around the targeted nature,” said Joe Stewart, director of malware research with SecureWorks, during a panel session Tuesday at the RSA Conference in San Francisco. “You can have situations that start looking like a botnet, but once you look into it more it could be something that is targeted.”
However, shared information supplied by “working groups” of anti-botnet specialists may be an enterprise’s biggest asset.
“We need real resources to have a real shot at taking down massive botnet attacks,” said panelmate Richard Howard, general manager of VeriSign iDefense. “They have to be the right size, have a team of lawyers, and need the technical guys that know how to stop and implement the proper security.”
There are currently a number of working groups that help facilitate the sharing of cyber intelligence, including the Network Security Information Exchange and the Forum for Incident Response and Security Teams.
“There are a lot of companies that did not worry about attacks that are going to be faced with responding to very serious incidents that they are just not prepared for,” Stewart said. “Some day, having that relationship with working groups will come in very handy when they’re facing an attack and don’t know how to handle it.”
In addition, building intelligence-driven security is key, especially as more businesses accept the reality of compromise.
“Successful companies will have a blend of intelligence,” Howard said. “They will pursue collaborative intelligence and they will nurture native intelligence to spot what’s next.”