Co-founder of ArcSight and vice president and chief technology officer of HP Security Solutions Hugh Njemanze said that Australia is well ahead of the US at collaboration between the government and organisations on cybercrime.
Njemanze had been out to Australia to speak at this year's AusCERT conference, the annual security event for the Australian industry, held on the Gold Coast.
"The Australians have a less antagonistic relationship with their government," he said about the event, adding that he could sense less tension and more trust.
US companies had been disenchanted in the past by situations where they had provided information to the US authorities, only to get nothing back, according to Njemanze. He had the impression that this wasn't the case in Australia.
"It certainly makes it easier for the private and public sector to collaborate," he said.
Government and industry are set to collaborate over the next few months after the government put out a call for help to create a cybersecurity whitepaper.
Collaboration between organisations on security is a difficult issue, according to Njemanze, who said that companies are generally cautious about sharing their information. Meanwhile, the bad guys are collaborating all the time, he said, putting the defenders at a disadvantage.
It would make sense, when companies fought similar threats, for them to be able to see each others' logs from routers/switches, firewalls, intrusion detection systems, applications, servers and systems — but this often becomes an intellectual property issue, he said.
Once lawyers turn up, "it's just easier to not share it", according to the executive.
He said that he was working on a feature for ArcSight's ThreatDetector product, which uses heuristic analysis to detect patterns in logs that could be threats. The feature would enable collaboration between companies that had the product, identifying threats they had in common. Those companies could then pool resources to work on the threats.
Eventually, a patterns language or standard could be created so that companies on different log products could also be included, he said.
This has been one of the efforts that is being worked through with the extra resources that ArcSight's takeover by HP has afforded the company.