Emerging threats have created some strange bedfellows in the Cyber Threat Alliance, but the group’s work is critical to advancing security in an increasingly connected world.
The Cyber Threat Alliance (CTA) has brought together some of the top names (and fiercest competitors) in enterprise security to address emerging challenges and the most serious, complex threats to organizations that the Internet has ever seen. The founding members, Fortinet, McAfee, Palo Alto Networks, and Symantec, have all committed to sharing threat information to better defend against these new threats and improve the security defenses that they provide to their customers.
The Alliance was created as a new way to “share threat intelligence”, according to a recent white paper the group published. The concept of collaboration among security companies isn’t new. Antivirus vendors and other stakeholders in endpoint security have been contributing to central information repositories and sharing virus samples for years. What is new is the range, scope, and nature of the threats to enterprises, as well as the potential economic consequences of increasingly common breaches.
According to the Alliance,
“To be effective against advanced threats, the CTA will first focus on important individual elements of the threat life cycle, like vulnerabilities and exploits, new malware samples, and botnet command and control infrastructure. In the future, contextual data about when and where attacks occur will be added, improving the group’s ability to identify attack trends.”
The group will be aggregating and sharing information on so-called “indicators of compromise” and advanced persistent threats (APTs), among other areas of pressing research and concern for enterprise security.
One aspect that differentiates the CTA from the information-sharing initiatives that preceded it is an emphasis on quality over quantity. Where malware databases may grow quickly with new software spotted in the wild on a nearly continuous basis, the CTA is focused on the especially challenging security problems faced all too frequently by modern enterprises. Specifically, the group is charged with identifying botnet command and control infrastructures and novel vulnerabilities and exploits, in addition to APTs, zero-day threats, and new malware.
Individual members of the alliance will continue to focus on the specific needs of their customers and build out differentiated platforms in this competitive market. However, the threat landscape is now so complex, the stakes are so high, and new threats are evolving so rapidly that all member companies can benefit substantially from sharing the latest threat intelligence.
The real winners in this, though, are customers, who will have access to even more responsive threat protection. The CTA is currently establishing procedures and frameworks using existing standards “to build rapid and actionable threat intelligence sharing in order to react quickly to threats”. Each member of the organization devotes considerable resources, including dedicated research teams, to identifying new threats, and the CTA will continue to leverage the expertise of these teams even as the individual members move to take “effective and prompt action on that intelligence, based on each member’s unique needs, technologies and processes”.