Thursday, November 18, 2010

Verizon launches hacking information service - - 17 nov 2010

Verizon Business has opened a new service that allows companies to post details of hacking attacks so that those in a similar situation can learn from their experience.

Verizon Enterprise Risk and Incident Sharing (Veris) was rolled out in March, and facilitates the anonymous posting of data so that companies do not have to reveal any vulnerabilities.

Each posting generates a Data Breach Investigations Report, which details similar attacks that can be used to develop new security procedures or warn of popular attack vectors.

"With the Veris project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload," said Peter Tippett, vice president of technology and innovation at Verizon Business.

"We are sharing the aggregate data and encouraging other companies to anonymously share their security event data to promote more dialogue and understanding of security incidents.

"The collective sharing of in-the-trenches security events offers the opportunity to fundamentally change how we all manage risk."

The system is already being used by the US Secret Service, and Verizon said that more companies using the service will help to lock down security problems more quickly.

All reports are stored and published in a collected report detailing common attacks, and the information is available in a wiki.

"Veris is a smart way for Verizon Business to crowd-source breach data collection, and giving it back to the data-starved security community makes it even more valuable," said Wendy Nather, senior security analyst at The 451 Group.

By Iain Thomson

No comments: