Fortinet’s Derek Manky offers some perspective on Fortinet’s most recent cooperative information sharing agreement and what this means for the future of global cyber threat intelligence.
What did Fortinet announce with KISA today?
Fortinet took another important step in an effort to bolster the future of cybersecurity. We signed an agreement with KISA to formalize cybersecurity information sharing, in particular on cyber threats. This partnership is an excellent example of a call to action for intelligence collaboration between the public sector and private sector. This follows other agreements like our relationship with NATO announced earlier this year. When we grow our collective intelligence, we can better combat advanced threats, deploy security controls to counteract the latest moves, and deliver greater security for our customers and all organizations. This agreement strengthens our global threat data.
Why is this important, what is the impact of the agreement on information sharing in Korea?
Established in 2009 through a merger of three separate organizations (Korea Internet & Security Agency, National Internet Development Agency of Korea, and Korean IT International Cooperation Agency), KISA is dedicated to advancing South Korea’s Internet industry and ensuring information security. Under the Ministry of Science, ICT & Future Planning (MSIP), KISA is one of South Korea’s key government agencies responsible for protecting its private sector against cybersecurity threats.
Cybersecurity threats are increasingly of high concern in Korea. Korea shows a high usage and dependency on the Internet by its public as well as private sectors, and it is exposed to Internet security issues every day as one of the world’s top security breach destination countries. Offshore cybersecurity attacks and corresponding risks are rapidly on the rise and the detrimental impacts such attacks could have on the society as a whole are becoming more pervasive. A partnership with true global cybersecurity intelligence centers such as FortiGuard is imperative in Korea.
Fortinet and KISA intend to work together to conduct research and analysis of internet incidents and technology support by means of exchanging knowledge and experience in cybersecurity. There will be joint activities (meetings, workshops, trainings) on matters of mutual interest that will enhance the intended exchange of cybersecurity expertise between KISA and Fortinet.
The exchanges will include Botnet IPs traced to South Korea, malicious domains and URLs, malware samples that both parties require to analyze threats collected through respective cyber threat intelligence centers. Fortinet will also provide zero-day vulnerability research to KISA to coordinate with local affected vendors to patch, along with proof of concept. KISA and Fortinet also intend to lead local forums that will help extend this knowledge to trusted partners in industry.
What other collective relationships or activities is Fortinet doing to direct the future of cybersecurity?
Fortinet is taking action not only via product innovation and our Fortinet Security Fabric, but also public and private sector relationships. Earlier this year Fortinet announced that within the framework of the NATO Industry Cyber Partnership (NICP), the NATO Communications and Information (NCI) Agency signed an industry partnership agreement with Fortinet. In addition, Fortinet is a founding member of the Cyber Threat Alliance (CTA), a group of leading cybersecurity solution providers who have come together to share threat intelligence on advanced attacks, their motivations, and the tactics of the malicious actors behind them. In addition, Fortinet is a member of the OASIS Cyber Threat Intelligence (CTI) technical committee which focuses on STIX and TAXII development. This helps to define how, when, and with what methods or protocols security vendors and law enforcement will all share information. It is important since we are directing the future of threat intelligence standards and protocols as we pave the way forward. Actionable threat intelligence cannot be achieved without a well thought out methodology in place. We consider memberships in organizations like OASIS or CTA to be crucial for promoting awareness and standardization that brings everyone to the table to use the same language when talking about cybersecurity.
Finally, Fortinet recently worked with INTERPOL on the arrest of key individuals including the kingpin of a $61 million crime ring. This was only possible due to Fortinet’s participation in INTERPOL’s expert cybercrime working group, the focus of which is to create meaningful public-private sector relationships with law enforcement. This is a key aspect to directing the future of cybercrime and certainly sends a strong message to all cybercriminals at large.
What is top of mind for you in regards to cooperation and information sharing in Asia and in Korea as a result of KISA?
The Fortinet-KISA collaboration will further pave the way for similar partnerships across the region between Fortinet and various CERTs. We believe other global cybersecurity vendors will also increase similar cooperation in the region and this could only lead towards a safer cybersecurity environment and better coordinated efforts against advanced attacks.
What is next for Fortinet in terms of information sharing?
There is a greater mission on the part of every security vendor to make the world safer and more secure for people to interact, do business, and to communicate ideas. Public and private sector partnerships will remain a big opportunity in the future for Fortinet in particular. In addition, contextual information is very important, while safeguarding privacy and only sharing and correlating non-personally identifiable information (PII). Indicators of compromise (IOC), traits related to an adversary, campaign or tactics often have a short shelf life. Sharing information promptly and proactively across all verticals is essential moving forward. Security controls need to be able to digest automated threat intelligence and take action. The vast amount of threat intelligence that exists today and more coming tomorrow cannot be managed otherwise.
Enterprises continue to struggle with limited defensive resources, a growing security skills shortage, and the proliferation of security tools that operate in isolation. Security teams monitor an average of 14 separate security consoles to try and manage, assess, and secure the expanding array of devices and technologies on their networks. Many times, they have to compare log files, hand correlate data, and manually change policies between devices in order to address threats, which means that many threats go undetected, and response times are too slow for attacks that operate at machine speeds. This is essentially a growing big data problem for cybersecurity today.