Advanced Computing in the Age of AI | Thursday, February 29, 2024

Startup TruStar Platform Lets Enterprises Anonymously Share Security Breaches 


Security startup TruStar Technology has launched a global platform for participating enterprises to anonymously share cybersecurity incidents.

TruStar expects that members, by collaborating without attribution, worry over legal issues, or concerns about damaging their reputation, will become more educated about threats and responses, react faster, and be better prepared to thwart vulnerabilities. The San Francisco-based company – co-founded by Dave Cullinane, ex-eBay chief information security officer, and Paul Kurtz, who founded the Cyber Security Industry Alliance and was special assistant to the President and senior director for Critical Infrastructure Protection at the White House – uses asymmetric encryption and anonymous authentication protocols to ensure data remains unattributable, TruStar said Thursday (April 16).

"When a TruSTAR member submits a report through the TruSTAR Agent – it is anonymized and all attributable information is quickly redacted – and then the user reviews the report and submits it through our anonymous authentication protocol which ensures that the report is coming from a member of the TruSTAR network without any of the other members or even TruSTAR knowing which member submitted the report," Patrick Coughlin, COO at TruSTAR, told Enterprise Technology. "TruSTAR and the members will only know which sector the report is coming from. Within seconds, this anonymized data hits the TruSTAR Station and is correlated with all other incident reports as well as with open source information from all corners of the Internet. It also pulls in social information such as Twitter and RSS feeds."

Speed is invaluable when combating cybersecurity breaches, according to the 2015 Data Breach Investigations Report, released this week by Verizon, which found 75 percent of attacks spread from Victim 0 to Victim 1 within 24 hours. As a result, the report determined enterprises must "close the gap between sharing speed and attack speed."

Also critical is safeguarding an enterprise's entire community – from smallest supplier to largest customer. TruStar – which costs $24,000 per year – initially is focusing on bigger organizations, said Coughlin. In 70 percent of the attacks where a motive is known, there is a secondary victim, the Verizon report determined. Safeguarding smaller, sometimes more vulnerable firms is on TruStar's agenda, Coughlin said.

"Our focus will be on larger enterprises first, because those are on the front lines of cyberattacks. But we recognize that we have to account for companies of all sizes and allow sharing to happen not only among peer companies but also throughout the supply chain," he added. "When we look at the Target attack in November 2013, they were compromised through their HVAC supplier in Pittsburgh that eventually found their way to the point of sale systems in Target stores. Anonymous sharing has to be valuable and accessible to the global landscape of good guys if we are going to be able to get ahead of the bad guys – and that is our vision for TruStar."

Participation does not simply mean writing a check, however.

"TruStar data is open to approved members that match our vetting criteria and that can also provide value by sharing with the network. Government may absolutely participate, but on TruSTAR, sharing is a two-way street," said Coughlin.

About the author: Alison Diana

Managing editor of Enterprise Technology. I've been covering tech and business for many years, for publications such as InformationWeek, Baseline Magazine, and Florida Today. A native Brit and longtime Yankees fan, I live with my husband, daughter, and two cats on the Space Coast in Florida.