Regional security approach pays threat-intelligence dividends but sharing must be managed
- 18 June, 2015 14:04
Rapid expansion of Australian banking infrastructure will enable financial-services organisations to push harder into Asia-Pacific geographies while leveraging Australia-hosted security services and threat-intelligence infrastructures, according to Akamai's newly-appointed regional security chief.
While business expansion to many historically fraud-prone regional countries had been difficult in the past, the company's APJ chief technology officer Michael Smith told CSO Australia, increasing network flexibility was allowing that expansion to happen without the need to build extensive services locally as in the past.
This increased the overall security of financial-services offerings that were being built on secure delivery of services from Australia, which are being designed to adapt to the widely varying capabilities of regional telecommunications links.
“Some of our customers, that have a regional Web site or regional user populations, don't necessary need as much speed, so we position a lot more security products up front,” Smith explained.
“At the same time, we can help customers branch out into these new territories, keeping the infrastructure piece in Australia but still delivering performance that's acceptable to users inside of regional countries.”
Akamai has been supporting these capabilities with heightened information-security capabilities in a push that saw Smith recently put into his current role: “this is a huge growth area for us as a company, and as time goes along we'll get more and more involved” in the security-services market.
That's a significant change for a company that built its business around the fast and efficient global distribution of Web content. But as customers come to expect more flexible and responsive security capabilities, Smith said, Akamai is increasingly leveraging its far-reaching visibility into Internet traffic to help drive the rapid sharing of threat information.
This information, typically relating to tactics, techniques and procedures (TTPs) and indicators of compromise (IOC), has become increasingly important in helping Akamai work with other services and infrastructure providers to mount an effective regional threat response – crucial as financial-services players become more exposed in regions where fraud is known to be high.
Use of the four-stage traffic light protocol (TLP) designation had helped standardise the exchange of such information, which is both useful to security-cautious organisations but can become a problem if it makes its way back to the cyber-criminals to which it pertains.
“A lot of people talk about information sharing, but it's actually hard to do sometimes,” Smith said, noting that despite increasing participation in spirit from governmental law-enforcement organisations many security threats were still taking too long to make their way through the security community.
“When I see something affect one customers, I see if it affects others too – and if it does, it's a question of how I can share information without exposing it in such information a way that your sources don't dry up.”
“You can't disclose to the bad guys how much you know about them and how you're planning to stop them.”
The importance of managing such alerts became clear when Akamai observed a series of attacks on e-commerce, infrastructure and financial-services organisations in North America. Akamai's security team was able to collect detailed information on the method of exploit, which became useful again when the same team of hackers began hitting Australian targets 8 months later.
“We run into this interesting scenario where we have a bunch of information on the attacker, but need to disseminate it to existing customers and prospects to help them defend themselves,” Smith said. “TLP offers a quick and dirty way to get information to somebody with a little guidance on what they can do to share that information.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.
