Crowdsourcing is one of those popular buzz words in the technology industry, but not one I often hear associated with security. According to a new Imperva study, however, maybe we should start thinking about crowdsourcing as a way to improve enterprise security.
At the end of April, Imperva released its study, Get What You Give: The Value of Shared Threat Intelligence. The study analyzed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns and found that the attack sources made up a disproportionate amount of the overall traffic against enterprise organizations in the report, and can be identified only by analyzing crowd-sourced attack data from a broader community.
Crowdsourcing increases community protection against large-scale attacks, and this is one of the biggest takeaway points of the study. According to the report:
Multiple attacking sources and payloads gradually cover more and more targets, thus affecting larger parts of the community. Identifying a “noisy” attack source - an attacker, payload or tool that repeatedly attacks – is important. Security cooperation between organizations that suffer from Web attacks can create a “network effect” in which all members of the cooperating community can benefit by exchanging security and threat information.
Security cooperation is one of the components of CISPA, which the Senate just shot down for yet another retooling. Whether or not the government steps in with regulation, crowdsourcing may be the way to go for companies that want to improve their security efforts. The reason is simple – if there is cooperation at the earliest stages of an attack, one company may be able to help others prevent similar attacks in the future. As Amichai Shulman, CTO, Imperva, said in a release:
This report highlights the need for early identification of these types of attack sources and payloads across a community of web applications, so that organizations can leverage shared intelligence to better protect themselves and reduce risk.
And isn’t anything we can do to help each other in risk prevention and improved security a good thing?