Written by Mounir Hahad, Head of Juniper Threat Labs, Juniper Networks
Cybersecurity is such a vast and complicated space that, without help from third parties, it is nearly impossible to defend all of your customers from all of the potential threats bad actors are creating and modifying to attack a network.
For virtually all organizations, the network is built using a mix of products from many different vendors. These vendors are all conducting their own research around threats in the wild and producing actionable intelligence. Still, when that intelligence is kept just to each vendor’s own devices, it leaves the other devices on the network open to attack.
Let’s think about it this way. Say I have a firewall and am using my threat intelligence to enhance protection on that firewall. I tell the customer, “Don’t worry about those threats; our firewall can protect your network.” But their secure web gateway is from another vendor that does not have the same intelligence as I do, and the gateway inevitably gets attacked, causing a breach on the network. Just because I shut the door to attacks on the firewall doesn’t mean the other vendor’s secure gateway isn’t open and at risk from potential threats, compromising the network. You have to secure every device with the best threat intelligence to avoid gaps that allow attackers to breach your network. The Cyber Threat Alliance (CTA) brings us closer to this reality.
Collaboration in Cybersecurity
From music to scientific research, collaboration makes things better. The same applies to cybersecurity.
With CTA’s early sharing program, we have seen a massive benefit from the fantastic collaborative effort and working relationship that we have with other vendors in this space. We believe that keeping everyone’s network secure is critical to keeping the business thriving.
While we all continue to compete on products, offerings, customer support, and solutions, we share information on threat intelligence. We are going to collaborate to make our customers’ networks as secure as possible. For people in the threat intelligence and security operations space, security is a mission before being a business.
By collaborating on threat intelligence, we can identify threats in the wild, like a campaign or ongoing attack, and share our findings with the CTA membership before making a public disclosure that would ultimately tip off the bad actor that their threat has been identified and thwarted.
When we are all aware of an attack before it hits the newswire, we can deploy mitigations on our customers’ networks to protect them and help avoid any possible copycat attacks that inevitably will pop up as a result of the news. Ultimately, this enables law enforcement to investigate these attacks before the general public knows what is going on.
Access to Researchers
Our membership with CTA has given us the ability to have conversations with researchers and note key trends in the cybersecurity space. We can share threat intelligence across vendors and hypothesize about what the cause might be. By collaborating with other vendors and CTA’s research team, we can help them focus their research, go the extra mile, and dig deeper into these trends, so we can be as prepared as possible to protect all networks from bad actors. It is truly a mutually beneficial relationship.
CTA enables us to utilize some of the shared IOCs automatically, for example, IPs and domains in threat feeds, and we use them in our various detection engines, helping us to better protect all networks from potential threats.
With CTA, we can provide our customers with the most secure, holistic, and connected experience possible, no matter the collection of devices they have on their network.