1. Field
The present disclosure relates to secure collaboration and data sharing for better analytics. More specifically, this disclosure relates to a method and system that allows organizations to collaborate while protecting the privacy of their data.
2. Related Art
Organizations today are exposed to an increasingly large number of cyber threats, including malware and software vulnerabilities as well as botnet, zero-day, and denial-of-service attacks. In compliance with risk management frameworks, industry practices usually recommend implementation of standard security countermeasures, such as firewalls, antivirus software, patch management, and security/log audits.
Some security solutions go beyond passive defense mechanisms and offer proactive measures to predict attackers' next move. Prediction techniques rely on attack information—so-called “security data”—that companies retain: Internet Protocol (IP) addresses, domains, Uniform Resource Locators (URLs), hostnames, vulnerabilities, phishing emails, metadata (e.g., attack technique, malware, activity description), incident parameters, Threats Techniques and Procedures (TTPs), etc. The more security data a company has, the better the understanding of adversarial strategies and thus the success of its prediction techniques.
Threat modeling requires as much information as possible about threats, but information is usually scarce. In practice, companies have a limited view of malicious cyber activities and can only achieve limited prediction performance. Previous work showed that collaboration would ease this challenge, as companies are often hit by the same attacks (see, e.g., Zhang, J. and Porras, P. and Ulrich, J. Highly Predictive Blacklisting. Proceedings of Usenix Security, 2008). Therefore, companies can enhance the accuracy of security intelligence and analytics mitigation techniques if they share security data with each other, thereby increasing the availability of information about attacks.
Unfortunately, a number of problems often prevent companies from sharing security data. Furthermore, similar problems exist not only for sharing security data, but also extend to sharing other types of data, including financial data, to the detriment of companies that would otherwise benefit from collaboration. Some companies may have people manually parse and approve the sharing of secure information, which is unacceptably slow. Other obstacles to information sharing include trust issues, legal liability (e.g., negligence, exposure of customer data, shareholder duty), competitive concerns (e.g., collusion, no tangible incentives), as well as concerns with the reliability and quality of shared data.