RSA 2013: Juniper Is Cagey About Sharing Threat Data

Thomas Brewster,
Nawaf-Bitar-Juniper lead

Juniper’s Nawaf Bitar will share threat data with RSA, but will he work with rivals? That’s not nearly so sure….

There were a number of familiar threads left over from last year’s conference at the start of RSA 2013, one of which has no sign of disappearing in the near future. That’s because it appears to be unresolvable: vendors who deal in security are not willing to share threat data on a big scale – and Juniper is just the latest to show this behaviour.

Perversely and frustratingly for suppliers, on the darkweb, crooks are sharing and selling information at lightning speed. Vendors, on the other hand, feel that sharing the threats they experience will either make them look weak or expose their procedures to competitors.

There may be signs of change – possibly a will to shake the vendor community into action. It would, as RSA chairman Art Coviello notes, massively enhance protection of the world’s networks. “We can’t do this unless we do a better job of cooperating… We have to rely on external feeds of data to get a force multiplier effect,” Coviello said. “After all, if criminals and rogue nation states can get together and share information, why can’t the industry?

“And it’s not just in the industry community, it’s in the vendor community as well.”

Help me help you

It appears industry is opening up a little more. Companies are practically crying out for help, talking more openly about breaches than before. Just look at the attacks on Apple, Facebook and Microsoft, who all came forward and confessed to compromises. All were exploited by visiting the same watering hole site, via the same vulnerability.

Nawaf-Bitar-214x300

Now, imagine a world where as soon as one of those firms was hit, the relevant information on the vulnerability, the hacked website, and all other data on the exploit were shared in real-time to all other businesses, regardless of who their security suppliers were. It would have prevented at least two of those major tech firms from compromise, and countless others. This truly open data sharing environment, if it were to be achieved, would help bring about a turning of the tide, where crooks would be on the losing team for a change.

But there was a telling moment when, during a pre-brief for press yesterday evening, security execs hinted this utopia would not become a reality anytime soon. Coviello and senior vice president of Juniper Networks’ Security Business Unit, Nawaf Bitar (pictured), were unable to expand on when and how they would work with competitors to make the world a safer place. That’s despite both agreeing such sharing was required to protect the wider market.

TechWeekEurope asked whether Juniper would share with its chief rival, Cisco. Bitar said he was willing to “fight for the greater good”, but would not say the company would share with its chief rival.

So barriers remain fully erect. Vendors aren’t willing to fully open up their data streams, create the right APIs, standardise data formats, look into linking data, or form the necessary partnerships that are needed to get the level of collaboration up to the standard of their online adversaries.

Will not share

There is the understandable assertion that threat data is intellectual property. Sharing it with every other vendor would kill competitiveness, thereby weakening the development of future technologies, the argument goes.

But that isn’t really the case. The IP could, and perhaps should, lie in the quality of the products, how they scale, how they can be adapted to business needs and tie in with other security layers, what services are supporting them. The data feeds themselves are, to some extent, valuable assets, but they do not need to be as treasured by vendors as they are.

It is, therefore, about finding the right balance between how much vendors give away. Bitar noted this was a “complex calculus”. “No doubt we’re a business and everything we do has to have a business context,” he told TechWeekEurope. “But there is this larger greater good that we also must serve.

trust security - Shutterstock: © Lightspring“For example, even if it is IP sensitive, and we had information about a grave threat, we are going to share.

“We are going to slice it up in different ways. There are certain things we are willing to share, things we are less willing to share because it would enable our competition… it is something we are going to work out in the coming years.” But he still won’t talk about Cisco…

All this blustering around intelligence sharing is largely talk at the minute, and little walk. RSA and Juniper have formed a partnership that will see the two hand relevant data to each other, which will feed into their products. But there is no widespread agreement with other organisations, not one that is effective in breaking down competitive barriers for the “greater good”.

There are groups that facilitate collaboration. The Information Security Forum and the Microsoft Active Protections Programme are two of the most notable. Banks are particularly good at exchanging info too. Indeed, RSA handed an award to the Financial Services Information Sharing and Analysis Center (FS-ISAC) this morning for its progressive work. But all efforts have thus far been sector specific. None have achieved the level of sharing amongst suppliers that criminals enjoy.

Is it fair, therefore, to assume that business interests are taking precedence over the safety of businesses and general Internet users? Is this blatant hypocrisy from security vendors? Perhaps. But, for the optimists, at least there is a will. One would hope a way is found sooner rather than later.

Are you a security expert? Try our quiz!