ArcSight this week is set to unveil plans to work with the CERT Coordination Center to improve security event information-sharing and analysis.
ArcSight, Sunnyvale, Calif., said it will install its security risk management software for free at CERT/CC and at a handful of universities to facilitate the Cyber Security Information Sharing Project (CSISP). The software will collect and aggregate data from firewalls and other security devices at the universities, and pass the information to CERT/CC for analysis.
The goal of CSISP is to create a model that shows the benefits of sharing security event information between organizations, said Rich Pethia, CERT/CC director. There has been a lot of talk about information-sharing in the IT security community but it rarely is a reality, he said.
"One of the purposes of this project is to demonstrate that there are real benefits to be accrued from sharing this kind of data so that analysis can be done to identify problems that can't necessarily be seen from a local perspective," Pethia said.
Cross-organization sharing of cybersecurity information is one of the recommendations in the National Strategy to Secure Cyberspace, said Larry Lunetta, vice president of marketing and business development at ArcSight.
Information Sharing and Analysis Centers (ISACs), which evolved from a 1998 presidential directive that encouraged industries to share information about threats and vulnerabilities in their sector, have been formed but haven't become popular, Lunetta said.
Companies don't share information about cyberattacks because they don't want bad publicity, said Brad Johnson, a vice president at System Experts, a security consulting firm in Sudbury, Mass. The downside is other companies can't learn from the attacks and protect themselves.
If CSISP succeeds, "it would be a boon to everybody," Johnson said.
Aside from serving as a model for information-sharing, other goals of CSISP are to identify issues involved in sharing security data, such as privacy, and to promote open standards in tools used in the information-sharing process, Pethia said.
For the CSISP implementation, ArcSight is adding support to its Distributed Security Architecture for Intrusion Detection Message Exchange Format (IDMEF) and Incident Object Description and Exchange Format (IODEF), draft XML-based IETF standards for exchanging security messages.
CERT/CC and ArcSight are seeking proposals from U.S. universities interested in participating in CSISP, which Pethia expects will begin in 30 to 60 days.
