Better information-sharing networks will keep hackers at bay, says threat intelligence specialist Soltra

Fear of spilling corporate secrets to rivals play into hands of online saboteurs, says firm’s chief executive.

PUBLISHED : Wednesday, 25 November, 2015, 4:14pm
UPDATED : Wednesday, 25 November, 2015, 5:03pm

The last two years have seen a series of high-profile cyber attacks on a global level, with victims including Apple, J.P. Morgan and the US government.

To combat the rise in hacking, the latest weapons of choice are not just stronger firewalls, but also improved ways of sharing information.

The finance industry has already established a network to share details on hacking cases so that companies can understand the hackers’ strategies in advance and take actions to thwart them.

Soltra, a US company that specialises in so-called threat intelligence, has come up with a network it likens to the highly placed rows of fire beacons used in medieval times to warn of invaders. The network collects and shares information on hacking attacks among its subscribers.

“Information security should no longer be comprised of disparate, disconnected silos,” said Mark Clancy, Soltra’s chief executive.

One piece of malware can be used to infiltrate hundreds of companies. Firms used to deal with each attack independently, Clancy said, but working together could greatly limit the impact of the malware and potentially make it redundant after a single attack.

Soltra is a joint-venture between DTCC, the US Depository Trust & Clearing Corporation, which clears and settles trades of securities, and the FS-ISAC, or Financial Services Information Sharing and Analysis Center, a non-profit cooperation founded by companies from the finance industry.

The company earlier developed a peer-to-peer tool it called Soltra Edge that allows companies to exchange information on attacks.

One year after its release, it had garnered over 2,000 users and built the foundation of the centralised Soltra network.

Many companies and even some social media giants have been making similar overtures.

Facebook entered the cybersecurity field by rolling out Threatexchange, an API-based platform, in February. This lets companies swap details on security threats. A related app was released in August.

So far, it has been used by over 130 companies, with early adopters including Twitter, Yahoo and Dropbox, according to Facebook.

READ MORE: Cyber attacks on Hong Kong universities increasing as state-backed hackers target city in the wake of Occupy Central

Meanwhile, technology giant Hewlett-Packard promises to deliver information and analysis on such threats via its Threat Central plantform. HP partnered with Japan’s Hitachi and security company Alien Vault on the project.

But the sharing ethos is hampered by companies’ reluctance to look vulnerable by admitting the damage hackers have done. Pundits say many are worried about compromising their image or brand while also potentially leaking sensitive information to competitors.

Clancy said the Soltra Network protects parties’ privacy by only keeping track of certain information. For example, it may know that a company was attacked from a specific IP address, but the identity of the victim corporation and the exact source of the attack can be withheld.

A pilot version of this network will be available before the end of the year, with the full version to be rolled out before the middle of 2016, the company said in a statement.