There are many ways to fight a battle, but to protect critical infrastructure globally from the onslaught of cyber-crime, one of the most effective weapons may be the laws of economics. With the volume and velocity of cyber attacks increasing more than 1,100% since 2009 (nearly 120,000 assaults now strike each day), cyber criminals have long had the advantage of speed and efficiency. A single virus can be used against hundreds or even thousands of organizations, making the cost to attack relatively low and the cost to defend very high.
The current cost to process a single piece of intelligence is 7 hours. This is equal to $100 million in 2014 and a projected $4 billion by 2018.

Adversaries must “re-tool” much more often and their exploits cause

Frequency and impact of threats decrease while higher adoption leads to exponential benefits.
For Mark Clancy, CEO of Soltra™ and DTCC’s interim Corporate Information Security Officer, and for many of his colleagues in the industry, a key to winning the cyber war is flipping the economic model on its head.
“We had an ‘Aha!’ moment several years ago when we reoriented our thinking to focus on ways to make it more expensive for criminals to launch attacks,” Clancy said. “If we could limit their ability to re-use an attack early on, to create new attacks to inflict the same degree of damage. But their costs increase exponentially. Over time, this escalating cost would drive many of the fringe cyber criminals out of business and allow the industry to focus our resources on fighting the most advanced and sophisticated aggressors.”
Today, the scales tip in favor of the criminals. They can launch attacks 150 times faster than most organizations can respond, mainly because too many firms still use manual processes to manage and share the flood of intelligence they receive. As Clancy notes, “Less than 2% of threat data is processed. Even more frustrating, it takes firms an average of seven hours or more to understand, contextualize and act upon that information. Not only is this time-consuming and ineffective, but it fails to increase costs on the attackers.”
Clancy said it was clear the industry needed to automate the collection and distribution of threat intelligence, beginning with finding a language that would allow systems across sectors to share data in a common way. “This is a sweet spot for DTCC because we have more than 40 years' experience automating and centralizing processes involving large volumes of data.”
Clancy and others quickly fixed their sights on two machine languages, STIX (Structured Threat Information eXpression, like HTML) and TAXII (Trusted Automated eXchange of Indicator Information, like TCP/IP), that were developed out of research funded by the U.S. Department of Homeland Security’s Computer Emergency Response Team (US-CERT). DTCC began working with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and industry volunteers on a pilot solution based upon these languages.
The resulting step in the evolution of cyber defense was Soltra, a DTCC/FS-ISAC joint venture that launched in late 2014. Its first product, Soltra Edge™, standardizes and automates cyber threat collection and distribution.
“Soltra Edge consumes large volumes of complex intelligence across industries, and then it prioritizes and routes it to our clients in real time,” said Clancy, who also serves as an FS-ISAC Board member. “Automation has enabled us to reduce the threat indicator analysis lifecycle and immediately shut off an attack. That gives criminals much less time to inflict damage.”
Clancy said another key element in the progression of information sharing was its evolution from person-to-person communication in the early days, then to links between firms, and now, to sharing industry-wide. Indeed, as the adoption of Soltra grows, other critical sectors have begun looking to incorporate its streamlined and automated response.
“Only half the Soltra installations are in the financial industry today,” Clancy said. “We’re very pleased to be able to leverage 15 years of information-sharing experience in the financial industry to help other communities, including the healthcare, energy and transportation sectors, not to mention other ISACs and national and regional Computer Emergency Response Teams. Because our platform is open, scalable and designed to integrate with many other solutions, and it’s available at no cost to our clients, we are linking businesses across numerous industries to create a united front to defeat our attackers.”