TIPS #1 Opening Keynote: Collaborating with Competitors: A Better Strategy to Beat Adversaries
Joe Levy (Sophos)
"If you want to go quickly, go alone, but if you want to go far, go together." This African proverb couldn’t ring more true for the cybersecurity industry. By working collectively, with a strong spirit of teamwork, we can achieve far more than by working as individual vendors.
But, only by thinking differently, doing a better and more comprehensive job at sharing threat intelligence, and by expanding the pool of participants who contribute to (and benefit from) this sharing and collaborative approach will cybersecurity vendors make lasting, impactful change.
While the security industry has pondered this kind of collaboration since the 1980s, only on rare circumstances has it been practiced. This comes down, largely, to a deep-seated mistrust between security vendors. This proprietary wariness drove companies to create their own silos of success. As we worked to establish our own expertise, well-resourced, persistent cyberattackers have leveraged this mistrust against us, hindering the development of stronger collaborative defenses.
It’s time we redefine collaboration and put it to practice to build a threat intelligence model that includes labs data, attack evidence, data science, threat research, hands on threat hunting experiences, and much more – from all of us. This would require less-protectiveness about our own work and an open attitude of collaboration in support of the greater good. Let us compete on technology, not on who knows more about a particular threat actor or malware family.
Once all of us in cybersecurity unite in this pursuit, we will have greater potential to draw in non-vendors – practitioners and specialists across all industries – who can to lend their unique expertise to help solve pressing, emergent problems. We can also tap their knowledge about their own successes (or failures) sharing information amongst each other within their own industries.
One example of the possibilities a mindset and approach like this provides is the COVID-19 Cyber Threat Coalition (CCTC). Since March 2020, the CCTC, a grassroots volunteer effort, has attracted and inspired more than 4,000 incident responders worldwide to share threat intelligence about scams, spam, phishing, and malware that continues to leverage our communal, human concerns about a pandemic as a social engineering exercise in furtherance of crime. This grassroots push has ultimately protected millions of people across a broad range of organizations from becoming victims of cybercrime – a magnitude only possible with the outpouring of effort and resources these volunteers brought to bear.
Not only would we be able to achieve more overall as an aligned group, we would be able to solve perplexing, lingering problems: It’s likely that each participant holds a piece of an attack puzzle that, on its own, makes no sense or leaves questions unanswered. If we pull all of these individual pieces together, and see the complete picture of an attack, we will be better equipped to develop the right defenses and better protect organizations and people.
This keynote provides the blueprint for joining forces in a productive, trustworthy way, including how we address quality issues, the role of machine learning in processing and curating ever-increasing volumes of data, and break down barriers for the win.
Joe Levy
CTO, Sophos
Joe Levy joined Sophos as Chief Technology Officer (CTO) in February 2015. In this role he leads the company’s technology strategy worldwide, driving product vision and innovation to both enhance and simplify IT security.
Joe brings more than 20 years of leadership and development expertise focused on information security. Prior to Sophos, Joe was CTO for Blue Coat Systems following the company’s May 2013 acquisition of security analytics pioneer Solera Networks, where he had served as CTO since 2008. Prior to Solera, Joe was CTO of SonicWALL (acquired by Dell), where he led research and development teams with concentrations in the areas of next-generation firewalls, deep packet inspection, cryptography, and secure remote access.
Earlier in his career, Joe spent six years with the security-focused value-added reseller OneNet, where he led product and service design and development, including managed services. Joe has participated in various industry certification and design consortiums, and he holds several security, networking database, and virtualization patents. He has co-authored a book on the topic of wireless network security, covering many of the secure wireless innovations he and his architectural teams have designed. Joe holds a B.A. from Queens College, NY.