Tuesday, September 21, 2021

Sharing is vital to thwart attackers, says Microsoft security exec

It’s tough to share threat intelligence with competitors, but in an era where attackers have time, money and resources on their side, going it alone is impossible.

That was the message this morning at Kaspersky’s annual Security Analyst Summit in Spain from John Lambert, head of the Microsoft’s threat intelligence centre.

“Modern defenders, they have a graph of things to protect,” he was quoted as saying. “They think about adversaries and their next move. They find trusted peers in the community, and understand the importance of learning from others and their practices. Pen-tests are diagnostics to successful defenders, not a report card. Pen-tests are input, with a goal of increasing attacker requirements.”

Lambert shared examples of changes Microsoft has made to core security and detection processes that have eventually made their way into patches and updates that have eliminated scores of zero-days.

“We are in a world where modern defenders are sharing about adversaries across geographies, industries and even within lines of competition,” Lambert said. “Threats are common things we all face. There’s no magical information-sharing thing. It’s a trust-based thing. You have to get to know people, you’re not trading with a vendor, you’re sharing with a person. It’s not a transactional relationship. You want to give them indicators because you want them to find more out there and it will help you down the line.”

This comes as the Canadian Council of Chief Executives and a group of major corporations are working on creating what is called the Canadian Cyber Threat Exchange for organizations who aren’t already sharing information as part of an industry-specific group.

Canada is a country of small and medium-sized businesses. It’s easy for big financial institutions, telcos and retailers to get together, but smaller organizations either don’t think about it or, if they do, share on a peer-to-peer basis. However, as I’ve written before, no organization is too small to be attacked, too small not to have some information worth pilfering.

The private sector has to do better at banding together to fight attackers.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News