It might seem like a contradiction, especially in light of recent customer data thefts involving Target and Neiman Marcus: If security "good guys" want to close the door to hackers, they have to open up to each other and start sharing more information.
That's the strategy preached by IID, a Tacoma-based cybersecurity company. It hopes to spur more of that sharing with this week's launch of ActiveTrust Hub, a social network for security professionals who work for major companies and large government agencies.
"We're trying to enable a neighborhood watch for the Internet," said IID CEO Lars Harvey. "We want to let companies and organizations share information in a secure place where they're having conversations about sensitive things that can't happen on Facebook, but we want to give them that ability to interact as they might on Facebook."
That means offering a variety of communications methods within a social network environment, including real-time, chat-like messaging and membership in various groups dealing with different aspects of cybersecurity. IID has also built in the ability to move large amounts of data, such as thousands of internet protocol (IP) addresses that may need investigating for suspicious activity.
Harvey hopes that once organizations buy ActiveTrust subscriptions and pass stringent vetting, which includes signing confidentiality agreements, they will pass along the latest information on malware and other threats.
"Once one company learns about a (hacking) technique or some indications of what's bad, they need to be able to share that with others so that they won't fall prey to the same attacks," Harvey said.
IID launched ActiveTrust in the same week that the Obama administration announced a set of basic guidelines for how industries can protect themselves from threats. The guidelines are voluntary, which Harvey says will probably meet with the approval of his company's existing clients, which are Fortune 100 companies and government agencies. The private sector clients are worried that "the rules will enforce some kind of regulation" and could assign liability for customer data losses.
Despite those worries, Harvey agrees that last year's highly publicized incidents, which included the Target and Neiman Marcus breaches as well as Chinese hacks of The New York Times, have brought the business world to a cybersecurity "tipping point."
"There's the realization that there are a lot of attacks going on. They (hackers) are getting inside and getting what they want, and it's very hard to defend yourself from a determined attacker," Harvey said. "That's why there's a lot of emphasis on being able to share information."
He admits that government agencies and big companies have been slow to adopt the sharing approach, thanks mostly to regulatory and legal concerns.
"They're tiptoeing into this sharing and neighborhood watch because there's a lot of history about trying to keep things close to the vest, and while people have realized they really can't survive doing it that way, they're still tiptoeing into this new world."