Page 5 - Cyber Warnings - November 2015
When Information Security Meets Social Media
By Mav Turner, Director of Product Marketing, Security, SolarWinds
Social media is a powerful tool for business, whether you’re using it for networking or sharing
insights and best practices. However, it can also be a potential security risk—a place where
attackers can easily gain information about a target.
Take LinkedIn, for example. Think about it—why bother running a blind scan trying to fingerprint
targets when you can just look at the LinkedIn profiles of their network and systems administrators
to see what systems they’re working on? As a result of these potential threats, many companies are
enacting policies that require employees to remove specific details about their jobs.
At the same time, however, the principles behind social media can be used to actually increase
organizational security, too.
At the heart of social media is information sharing, which, of course, can be used to wage attacks.
On the flip side, however, by programmatically sharing information about threats, defenders can
create a mutual defense much stronger than any single IT administrator or business could build alone.
Admittedly, this is easier said than done. When it comes to security, IT professionals are known for
being wary of sharing information, especially any information that may give attackers an advantage.
While it’s still important to weigh which information gets shared, as an industry, it’s time to come to
terms with the fact that going it alone is no longer an option. We have to move beyond sharing basic
virus definitions or IDS signatures, and one of the ways to achieve this is to draw from
cybercriminals' own playbook.
Too often, attackers are two steps ahead of defenders, and in general, they tend to be very social,
sharing information about vulnerabilities and tactics more efficiently than defenders. The image of
the lone wolf cybercriminal is a thing of the past; most attackers are part of a very active
underground community sharing tools and tactics faster than any one company can keep up with.
So, it’s up to the IT community to turn the tables on them and get better at sharing more information
more efficiently.
Recently, this has manifested itself in the form of threat feeds. Threat feeds are a promising
technology to quickly share attack information and enable infrastructure to dynamically detect and
respond to new threats. Some of these feeds can be straightforward lists of IP addresses or
network blocks associated with malicious activity, while others can contain more complex
behavioral analysis.
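As an added illustration (not code from the article or from SolarWinds), the sketch below consumes the simplest kind of feed described above, a list of IP addresses and network blocks, and matches it against connection-log sources. The feed layout, the `src=` log field, the prefix limits and the internal ranges are assumptions; entries are vetted first because a block that is too broad or overlaps your own network would flag legitimate traffic.

```python
import ipaddress
import re

# Constructed feed: one IP or CIDR block per line, '#' starts a comment.
SAMPLE_FEED = """\
203.0.113.7
198.51.100.0/24
2001:db8:bad::/48
0.0.0.0/0      # would match every address
10.1.2.3       # inside our own network
not-an-ip
"""
# Constructed log lines; the "src=" field is an assumed format.
SAMPLE_LOG = [
    "2015-11-02T10:00:01 accept src=198.51.100.44 dst=192.0.2.10 dport=443",
    "2015-11-02T10:00:03 accept src=2001:db8:bad::1 dst=2001:db8::10 dport=22",
    "2015-11-02T10:00:04 accept src=10.1.2.3 dst=192.0.2.10 dport=80",
]
MIN_PREFIX = {4: 16, 6: 32}  # assumed policy: refuse broader blocks
# Assumed internal ranges that an external feed must never cover.
OWN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def load_feed(text):
    """Parse a feed; return (accepted networks, [(entry, reason rejected)])."""
    accepted, rejected = [], []
    entries = [line.split("#", 1)[0].strip() for line in text.splitlines()]
    for entry in filter(None, entries):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "too broad"))
        elif any(net.version == o.version and net.overlaps(o) for o in OWN_NETS):
            rejected.append((entry, "overlaps own network"))
        else:
            accepted.append(net)
    return accepted, rejected

def match_log(lines, nets):
    """Return (source address, matching feed entry) for every log hit."""
    hits = []
    for src in re.findall(r"\bsrc=(\S+)", "\n".join(lines)):
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # malformed address in the log: skip it
        hits += [(src, str(n)) for n in nets if n.version == ip.version and ip in n]
    return hits
```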
The idea of sharing attack patterns or signatures isn’t new, but in the last few years we’ve seen
deeper integration through the detection and protection infrastructure. While threat feeds will not
guarantee security—actually, you should be skeptical of anything that claims to guarantee
security—it’s a move in the right direction towards creating collective defense arrangements. Even
Copyright © Cyber Defense Magazine, All rights reserved worldwide