In what could be a very virtuous trend, four of the cyber security industry’s leading tech vendors (Fortinet, Palo Alto Networks, McAfee and Symantec) have established a consortium focused on the furtherance of the art and science of cyber threat intelligence. This alliance, started in May and expanded in September, aims to help industry entities coordinate and collaborate in new ways against the high end adversaries attacking the corporate world.
The consortium is focused on sharing of threat intelligence, including indicators of compromise, according to a release.
We believe this will be a significant new source of information that contributes to the overall cyber threat intelligence capability of industry.
The mission of the Cyber Threat Alliance is to drive a coordinated industry effort against cyber adversaries through deep collaboration on threat intelligence and sharing indicators of compromise.
While past industry efforts have often been limited to the exchange of malware samples, this new alliance will provide more actionable threat intelligence from contributing members, including information on zero-day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly-shared malware samples. By raising the industry’s collective actionable intelligence, alliance participants will be able to deliver greater security for individual customers and organizations.
“We must match our adversaries’ aggressive drive to innovate with our own deeper commitment to collaborate. It’s no longer enough to share and compare yesterday’s malware samples. As an industry, we need to understand and be poised to react to the latest complex and multidimensional attacks of today and tomorrow. This cyber alliance provides a critical framework for educating each other on the infrastructure and evolving tactics behind these attacks.”
– Vincent Weafer, senior vice president for McAfee Labs, part of Intel Security
For more information on the cyber alliance and its members, visit:
cyberthreatalliance.org
This is a continuation of and very supportive of the trend we have been reporting on towards automation. This type of alliance will eventually be able to produce indicators that can be acted on in automated ways, giving a leg up to enterprise defenders.