One thing in the information security community is very clear ： Today's digital threat defense war , It's harder than ever .
Part of the reason for this is that the number of threats we are facing is growing . for instance , The IRS this year 1 I received it last month 1026 Report of tax related phishing and malware attacks —— That's up from the same period last year 400%！ These malware continue to multiply on all kinds of media , Safety enterprise G Data Software The researchers at 2015 It was detected in the first quarter of 2007 5000 New Android malware .
The rise in the number of threats explains why Verizon 《 Data breach investigation report 》(DBIR) Tracking thousands of attacks every year . Only its 2016 In the annual report , Verizon used to include 64199 A security incident and 2260 The final data set for data leakage .
Security researchers also saw Increased threat complexity . To avoid being detected by anti-virus solutions , A lot of malware now uses evasion Technology . Some malware also integrate tactics that allow them to circumvent existing security measures , For example, the bank Trojan horse that can obviously bypass the two factor authentication Android/Spy.Agent.SI. Combined with these new tools ,Carbanak And other threat actors continue to launch all kinds of high-end attacks never seen before .
Recognizing this continuing evolution of digital threats , Computer security companies can no longer fight alone . The future of information security , It's a partnership between companies .
More and more companies are forming alliances , But just as there is no 2 The two companies are exactly the same , There are also differences between partnerships . in fact , Companies are engaged in many different types of partnership in .
at present , The leading partnerships in the security community are 5 Kind of ：
1. Shared technology model
In a shared technology partnership , Professional companies integrate solutions together , Help customers focus on the most urgent security risks .Tripwire Technology alliance project (TAP) That's the motivation behind it , The members of the alliance include RedSeal and Lastline Companies such as . Together, some shared technology partnerships have brought good news to certain industries . for instance ,Tripwire He runs the North American power reliability company (NERC) Alliance Network , This network organizes companies , Work together to develop solutions for power and public sector 、 Services and technology .
2. Strategic model
Partnerships are not limited to shared technology ; Some share strategic information . This kind of partnership usually takes the form of opening up threat intelligence sharing channels among companies . On the whole , Information sharing has helped produce some remarkable achievements . for instance , Verizon's 2016 DBIR Is to benefit from the location 82 Information contributed by companies in three countries . Threat Intelligence from these companies plays an important role in helping the security industry analyze the latest trends in data leakage . Strategic partnerships also help companies in specific industries , Especially in key national infrastructure , Protect them against digital threats .
3. The coaching model
Companies, businesses and public institutions are not the only entities to build security partnerships . Individuals can also build partnerships at the interpersonal level , And use this relationship to guide others . This kind of guidance usually starts with children . for example ,(ISC)² The foundation's secure online project “ Children's Internet Security ”, Encourage safety professionals to teach and cultivate safety awareness of primary and secondary school students . These courses , It's going to penetrate into the family of the child , Make the whole society more aware of the importance of safety . Information security professionals can also guide others as they start their own careers in the industry . Some mentors have had a long-term impact on the process .
4. Network mode
More broadly , Information security professionals can participate in network activities , Share knowledge 、 Experience , Make suggestions to each other , Improve the learning process , Help safe communities Unite . Security people connect mostly through meetings . Some activities , such as BSides, Provide communication channels in the form of interaction , Give budding experts a chance to speak . Other safety meetings , such as DEF CON And black hat , The number of participants they attract each year will provide communication opportunities .
5. Educational model
Last , Governments and educational institutions can build educational partnerships , Join forces to jointly cultivate the next generation of information security professionals . There are many forms of such partnerships . for instance , Government agencies can assist in setting up college courses , In order to better train suitable graduates for the institution , Or you can sign agreements with students , Let students work in the institution during the holidays to earn scholarships . Public institutions and universities can also be accredited 、 Win win cooperation in internships and other educational opportunities .
The world today , Digital threats are not something that businesses can fight alone . Fortunately, , Companies can use partnerships to introduce new solutions to security practitioners 、 Threat Intelligence 、 Guidance services 、 Online activities 、 Educational opportunities, etc . Together today , It's the best chance to resist the threat of tomorrow .