In the fiercely competitive world of computer security, where providing the most complete protection quickest is
the prime bargaining chip, "collaboration" is not a word that always comes easy.
But as attacks continue to increase in sophistication, tapping into the wisdom of the crowds, or at least the computing power of the cloud, might become the best way to stay ahead of the black hats.
Many network security vendors are now adopting the crowdsourcing approach, and it could mean big changes to how security is practiced in an increasingly networked world.
Crowdsourcing is the practice of taking functions once reserved for employees and outsourcing them to a large group of unpaid volunteers.
"The enemy, if you will, is very organized," said Max Weinstein, manager of StopBadware.org, a nonprofit organization founded to fight malware. "They have a lot of money riding on the line … so they have an incentive to band together and work together, even if loosely, to create a combined effort to attack our defenses," he said.
Weinstein says the good guys should fight back in kind: Security vendors, end users, and IT organizations should become more willing to share data with one another.
That's not always a message that catches on when it's first being preached.
"It's difficult to say, I, as a security company, am going to invest millions of dollars in R&D on which websites are bad, and then give that away to our competitors," said Weinstein. "Any business person worth their salt would immediately say that's a bad thing to do."
With that caveat in mind, some companies are trying to find a compromise. For example, StopBadware.org is negotiating with several security firms to act as an independent data analysis tool point: Proprietary information will be analyzed across several firms' data sets, and then the final results will be released without any companies' carefully guarded "blacklist" of malware sites being released, for example.
For some enterprise security vendors, dipping at least their toes into crowdsourced security can be a true business advantage.
As the number of websites continues to skyrocket, for example, the feasibility of paid human site reviewers to determine which are infected with malware, which are pornography and which are safe for work becomes more and more prohibitive.
"There is no way to keep up with rating every site," said Carrie Oaks , vice president of product and technical marketing at Blue Coat Systems Inc. One of Blue Coat's competitors has 300 full-time employees whose roles are to identify inappropriate or malicious websites.
By contrast, Blue Coat has only 30, many of whom are focused on checking non-English sites, and instead has deployed a combination of clever AI and a free consumer-use filter, dubbed K9 Web Protection, to help pick up the slack.
Oakes said the K9 service was foremost a public service by the company – giving parents and schools a free, simple way to restrict access to the darker regions of the Web.
But she also said the company derived a large business value out of being able to monitor a wider variety of potential sites that businesses wouldn't normally check.
"It gives us an ecosystem we wouldn't already have," she said.
When users visit sites not in the Blue Coat database, or if they report previously cleared websites as objectionable, that information is sent back to Blue Coat and shared with its central database, improving both the free consumer K9 service as well as enterprise-oriented filtering services.
"With security, you can never block all the risks all the time, it's all about mitigation," Oakes said. "The first person to the site will probably get infected, but we can help the other users."
While not as open as StopBadware.org's vision, relying on tens of thousands of extra users saves Blue Coat hundreds of man hours every day while considerably expanding the breadth of its protective services.
The defense-by-crowd strategy is catching on more deeply in networks, too. About a year ago, Extreme Networks Inc., for example, introduced "Widget Central," which allows end users to share security plug-ins, along with other user-created tools.
"Collaboration is more important than ever," wrote Paul Hooper, Extreme's chief marketing officer, in an email. "We do see users and vendors like ourselves collaborating more with users and sharing best practices."
Eventually, proponents hope that crowd-sourcing moves beyond blacklists and into a more nuanced approach that can provide comprehensive, if not perfect, security from a variety of threats.
"One area that has not been explored as much as it could be is really looking at ways of doing real-time reputation tracking of individual websites, email senders, servers, IP addresses -- where the reputations are being generated by a collective of users and companies and so on," StopBadware.org's Weinstein said.
Instead of having one definitive source, he said, users could see Google's rankings, McAffee's rankings and the aggregate votes of hundreds of individual users as well, like a Rotten Tomatoes of malware.
"We've got hundreds of millions of people using the Internet, and most of them aren't bad guys," he said.