A new initiative by a group of industry heavyweights to improve security response is a bit sketchy, but holds some promise, security experts said.
Cisco, IBM, Intel, Juniper Networks and Microsoft announced the Industry Consortium for Advancement of Security on the Internet (ICASI) last week. The companies said the nonprofit organization will help protect enterprises and governments by providing a way for vendors to work together to address security threats targeting multiple products or shared protocols.
"To date there has not been a trusted vendor environment that allows companies to identify, assess and mitigate multi-product global security challenges together on the customers' behalf," the group said. "ICASI aims to fill this void."
The consortium aims to provide a mechanism for international vendor and customer involvement, and also "a government-neutral way of resolving significant global, multi-product security incidents."
Evert Ramon Krikken, research analyst in security and risk management strategies at Burton Group, said the group's announcement was a little light on details, but stressed collaboration, which could boost security response.
"They're some of the largest names in the industry, so if they can indeed create a culture of information sharing, it will certainly help because it should allow people to be much more proactive about responding to incidents," Krikken said. "Information sharing is one of the things that is more or less lacking at an industry level."
He added that companies are very secretive when it comes to security breaches, "so any kind of information sharing is good."
Charlotte Dunlap, senior information security analyst at Enterprise Strategy Group, said ICASI sounds like a sorely needed alliance between major infrastructure providers.
"As with most new ventures, the devil is in the details, so it will be important for the group to quickly establish ground rules and objectives for achieving this free-flowing information exchange to be most effective in combating Internet threats," she said in an email. "There is also the potential for the group to exclude smaller infrastructure players and other security vendors, so it needs to outline how it intends to distribute its findings in a fair manner."
According to the ICASI website, the group will finish its roadmap over the next few months and release its work later this fall. The organization is looking to work with publicly traded IT vendors, and provides information on its website on how to become a member.
Amrit Williams, a former Gartner analyst and now chief technology officer at BigFix, said the ICASI announcement wasn't much different from announcements made by Cisco and Microsoft to collaborate on NAC solutions to stop the threat of worms.
"It is always nice to see competing industry gorillas feign cooperation for the good of the public, but in reality this consortium will have little impact on overall enterprise security," Williams said in an email exchange.
"That being said, a forum for multi-vendor communication in the face of multi-product threats can build a foundation for decreasing the window of exposure and limiting the impact of such threats, assuming of course the ICASI organization can not only communicate effectively between their members, but can also coordinate with a broader spectrum of organizations," he said.
Williams said that improving security response to widespread Internet threats requires cooperation between the public and private sectors, coordinated through the international CERT organizations. He added, "However, today there is little incentive, and in some cases outright fear, for communicating security breaches or other incident information, which will help to improve overall security and limit the impact of emerging attacks."