What is Collective Defense and Its Role in Digital Security?
Cybersecurity Collaboration • Oct 20, 2023
We use cookies to improve your experience. Do you accept?
Cybersecurity Collaboration • Oct 20, 2023
You’ve probably heard of the term “it takes a village” when it comes to raising a child, the idea that multiple hands–even from outside the family–are needed to care for the young. Well, when it comes to preventing cyberattacks, there’s a similar concept called collective defense.
On October 6, Microsoft released the 2023 edition of their “Digital Defense Report”. This annual publication from Microsoft Threat Intelligence is focused on “Building and improving cyber resilience,” and draws upon data from 65 trillion signals, 135 million managed devices, and 4,000 attacks blocked per second. This year’s report focuses on key themes including cybercrime, nation-state threats, critical cybersecurity challenges, and innovating for security and resilience – and for the first time ever, they dedicated an entire chapter in the report to collective defense. Not only that, the collective defense chapter happens to be the longest and most substantial section of the report – the chapter serves as a clarion call for unified action against cyber threats. It emphasizes that in the face of sophisticated cyber adversaries, collaboration, unity, and collective defense are not just strategies, but imperatives, for a safer digital future.
At Cyware, we are strong supporters (and enablers) of collective defense strategies, and as such, it was great to see this increased focus on this critical area from Microsoft. Let’s dive into exactly what is collective defense, as well as a few of the collective defense highlights from this report.
Collective defense is an approach to cybersecurity that involves collaboration between organizations via threat intelligence sharing and coordinated threat response actions against most critical threats. Essentially, collective cyber defense is defined as a collaborative cybersecurity strategy that requires organizations, both internally and externally, to work together across industries to defend against targeted cyber threats.
The Digital Defense Report underscores the urgency of bolstering open-source and supply chain security through collective efforts. Major tech giants, such as Microsoft, IBM, and Google, are collaboratively addressing cyber threats, emphasizing the significance of community-driven initiatives in the cybersecurity realm.
Open-source communities, with their collaborative nature, are uniquely positioned to foster widespread change, making them pivotal in the fight against cyber vulnerabilities. The establishment of the Open Source Security Foundation (OpenSSF) exemplifies this commitment, aiming to tackle emerging security challenges. The foundation introduces frameworks to better understand supply chain threats and devise effective mitigation strategies. In essence, the report advocates for a unified, community-centric approach to fortify the digital ecosystem against evolving cyber risks. Cyware participates in a number of OpenSSF working groups, including the Vulnerability Disclosure Working Group and the End Users Working Group.
The digital realm is rife with cyber threats that are constantly evolving, adapting to security measures, and finding new vulnerabilities to exploit. Due to the ever-increasing impacts on industry and society at large, governments around the world are moving quickly to get their arms around the cybersecurity problem. Agencies are creating increasing amounts of regulations that companies must follow, including the recent cyber incident reporting regulations out of the SEC, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), and the EU Cybersecurity Act.
While these efforts are to be commended, individual, isolated efforts to combat these threats are insufficient – building and nurturing productive relationships across a wide spectrum of stakeholders is not just beneficial, but essential. We strongly agree with Microsoft that these relationships serve as the foundation for improved threat intelligence sharing, bolstering resilience against attacks, and formulating effective mitigation strategies.
Microsoft describes a collaborative legal effort they led in conjunction with Fortra LLC and Health-ISAC. It is a testament to the power of collective action. The groundbreaking lawsuit is not just symbolic but aims to create tangible disruptions. It targets infrastructures that deploy cracked versions of Cobalt Strike or those that flagrantly violate Microsoft's terms of use, particularly concerning the malicious deployment of its copyrighted APIs. Such collaborative endeavors underscore the potential of uniting diverse entities in a common goal: to identify, challenge, and dismantle the infrastructures that cybercriminals rely on. Using purpose-built collaboration platforms in sharing organizations improves collective visibility – and makes it easier to gather evidence for collaborative actions such as this one.
Implementing collective defense involves a coordinated approach to cybersecurity where multiple entities collaborate to detect, defend against, and respond to cyber threats. Here's a step-by-step guide on how organizations can implement collective defense:
Identify Stakeholders : Determine the organizations, agencies, or entities that will be part of the collective defense initiative. This could include private companies, government agencies, non-profits, ISACs, or other relevant stakeholders.
Develop Trust : Build trust among participants by establishing non-disclosure agreements (when applicable), defining roles and responsibilities, and ensuring operational transparency.
Create Communication Channels : Establish secure communication platforms for collaborative sharing of threat intelligence, defense intelligence, best practices, and incident reports in real-time, allowing them to be operationalized automatically whenever possible.
Share Threat and Defense Intelligence : Encourage members to share indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and other relevant threat data – as well as defense intelligence including detection rules, threat hunting playbooks, and incident response playbooks – as often as possible, automating the sharing when possible.
Conduct Collaborative Analysis : Pool resources to analyze shared data, identify patterns, predict potential threats, develop and maintain detections, and curate incident response.
By following these steps and fostering a culture of collaboration, organizations can effectively implement a collective defense strategy, enhancing their ability to defend against and respond to cyber threats. If you are interested in learning more about how to get started, let us know.