Security Startups: Collaborative Threat Response

Since about 2008, the industry has shifted from being exclusionary about information sharing to making significant strides toward it. Where the conversation used to take place amongst practitioner "friends and family", it has moved to institutions that facilitate it. Most notable are the Defense Industrial Base (DIB), FS-ISAC, Threat Exchange, Bay Area CISOs and more. While this has been going on, law enforcement has also been trying to establish good information sharing between the FBI, Secret Service, DHS and private industry. Most recently, President Obama issued an executive order to help move the overall capability forward.

While there is ongoing debate in private industry on the value of "public to private" information sharing, "private to private" sharing is well accepted and acted upon. In this space it's mainly focused on threat intel sharing and remediation actions. Even so, there still isn't a really good way of automatically exchanging information on attacks and collaboratively managing an incident remediation with multiple outside parties.

This is compounded further as legacy on-premise services are externalized to third parties: managing an incident takes on a whole new level of complexity. Information must be appropriately accurate and updated in real time, as well as highly secure and confidential. This drives a very strong need for a zero-knowledge threat exchange and collaboration service. FS-ISAC, to the best of my knowledge, has made the greatest strides in this space for private companies within a vertical. A new company, Comilion (www.comilion.com), came onto my radar that attempts to do just that.

It got me thinking about where the industry is and where it's going. Our interactions between companies have matured where security is concerned, and that looks set to continue for some time. Services like Comilion, by deepening the ability of one company's security team to exchange ongoing threats and remediations with another, accelerate the destruction of "company" security walls. As we blend security teams together by lowering the barriers to collaboration, we will start to see an accelerated upleveling of capabilities and response.

Moving forward, specific security cohort areas, like Silicon Valley and the financial services, will not be unique. The exchange of information and remediations on operationally critical and sensitive areas will start to blend them across verticals and geographic areas. This will be a very interesting destruction of the corporate, industry and geographic culture that is holding back an important response capability.