In today’s digital economy, speed and efficiency are essential. So is the ability to access data from anywhere and from any device. These demands are forcing the network to change, increasing the amount of data that networks need to manage and the number of devices connected to those networks. Together, these changes are expanding the potential attack surface of today’s networks.
The security challenge is about much more than just network expansion. Everything is also being connected to everything else through the growth of applications, shared services, and distributed resources. These growing levels of hyper-connectivity are compounding the challenge of protecting networks because data and resources are always in flux, with new attack vectors constantly being created as a result.
However, data and resources still need to be protected, especially as they move from remote devices, through the network, and out into the multi-cloud. But most traditional security devices were never designed to do this, so the security industry is under pressure to create new solutions that can seamlessly provide the expanded protection that today’s networks need.
Companies can’t protect what they can’t see. So, in addition to increased performance and integrated security devices, IT teams also need access to real-time threat intelligence. Advanced threat intelligence from security professionals helps IT teams quickly detect and identify threats and automatically respond at digital speeds.
Threat intelligence gathered from multiple sources, and then processed and correlated, is the most effective, valuable, and actionable. It’s what organizations with huge security resources use to better protect their networks. The problem is that this sort of higher-level intelligence has historically been out of the reach of most companies. So, in 2014, Fortinet took steps that would eventually lead to the formation of the Cyber Threat Alliance (CTA). We and other founding members, including McAfee, Symantec, and Palo Alto Networks, understood how critical it was to provide security professionals with the intelligence and technology they needed to identify an attack. We also knew they needed to be able to use that information immediately to stop an attack along the kill chain.
Security companies like Fortinet, who were actively engaged in threat research, knew how much we relied on threat intelligence to protect our customers. We also knew that converting raw intelligence into something that was actionable required a level of expertise that many organizations didn’t possess.
Our answer was to bring together participants from across the cybersecurity industry to correlate and share actionable threat intelligence in as close to real time as possible. We knew that organizations not only need this type of threat intelligence to better defend against cyberattacks, but that sharing threat intelligence also helps improve the overall security of the Internet.
After a few years, the founding members decided that to better meet these goals, the CTA should be established as an independent organization. Since announcing the new organization, including the addition of Cisco, Check Point and a leadership team over the last year, the CTA has expanded its ability to protect organizations around the world. It has done this by growing the number of organizations that share threat intelligence, and by improving the tools used to collect, process, and correlate intelligence in order to protect millions of customers.
The CTA is working to improve the cybersecurity of its global digital ecosystem by significantly reducing time to detection and closing the gap in the detection-to-deployment lifecycle. It does this through near real-time, high-quality cyber threat information sharing and operational coordination between companies and organizations in the cybersecurity field. This approach brings together companies with different interests but enables them to work together for the greater good.
While sharing threat intelligence is an important part of any security strategy, it’s only half the battle. External threat intelligence provides obvious benefits, but it also needs to be part of an integrated threat intelligence strategy.
Threat intelligence needs to be a cycle. Our FortiGuard Labs team, for example, uses the intelligence we collect from participating customers to improve our threat database. We then share that intelligence back to the CTA, which in turn is used by customers. As a result, threat intelligence is constantly being recycled and refined.
There are strong benefits to any organization that participates in collecting, processing, and sharing threat intelligence. One of the most important is that the wider the scope and scale of visibility into threats that we can create, the more everyone will be able to detect and mitigate new and emerging threats.
Because of its collaborative approach to collecting threat intelligence from cybersecurity experts, the Cyber Threat Alliance is unique in both its mission and its model. The cyber community as a whole would do well to use CTA as a model for how different, even competing organizations can come together across private and public sectors, including critical infrastructure, to address emerging cyber threats, especially those with far-reaching social and economic implications.
This blog originally appeared on the CTA blog.