KPCB Security Salon
Barmak Meftah, AlienVault CEO, speaks about crowd-sourced threat intelligence in this 3 minute KPCB video.
Ted Schlein: If the threat problems are so serious, big and complicated, are we going to have to band together as a society, or a group of companies, or smart individuals to leverage our collective talents, intelligence, information in order to battle the bad guys who have infinite resources, infinite time, and are super-smart? And that whole concept, that we can’t talk about crowd-sourced threat information, crowd-sourced intelligence, I don’t know what you want to call it, but it’s the recognition that what we do ourselves is not going to cut it, and we need help. That’s another main shift, because in the world cyber, people have been pretty insular. Is it going to happen? As I said, the executive order hasn’t exactly gone anywhere, but is it going to happen? As I said, I know Barmak, you’ve spent a lot of time thinking about this, so.
Barmak Meftah: We love this topic. So I’m glad you asked that question – I have a couple ideas around it. So if you look at the world of security automation, or things that we produce as ISVs, and we sell it to the enterprises, there’s sort of two pieces to it – there’s the automation, there is content, and content arguably is probably equally, if not more important than the automation itself. And content typically comes in two forms. There is vendor-generated content, you know, any security company you talk to has some sort of an R&D lab that produces intrusion content, or correlation content, or vulnerability content, and then there is content that is sourced from the victims of cybercrime. And that content is not hypothetical, that content is real, it’s happened. And it’s interesting guys, because if you look at the world of physical security, if you look at Interpol, FBI, you know, the police, if you look at somebody’s house getting broken into in a street, within a very short period of time, everybody knows exactly what happened and how to protect against that attack vector.
Yet in the world of cyber security, we’ve been very insulated and isolated in our, you know, in our observations of our attacks, partly because we’re afraid of attribution. We’ve afraid that we’re going to be, you know, sort of known as the company that had that attack vector or breach associated with it. You know, what we’ve launched, which we’re pretty excited about, is a crowd-sourced threat intelligence exchange network that has no attribution, so I think there are ways without necessarily, you know, relying on the federal government these, you know, information security exchanges to be able to crowd-source the actual victim content.