Cyber Threat Alliance Expands Mission through Appointment of President, Formal Incorporation as Not-for-Profit and New Founding Members
Former White House Cybersecurity Leader Joins CTA to Drive Alliance Mission of Improving Global Defenses Against Cyber Adversaries; Six Industry Leaders Collaborate on Automated Threat Intelligence Sharing Platform
San Francisco, Calif. – RSA Conference 2017 - February 14, 2017 – The Cyber Threat Alliance (CTA) today announced the appointment of Michael Daniel as the organization’s first president and its formal incorporation as a not-for-profit entity. Additionally, founding Members Fortinet® (NASDAQ: FTNT), Intel Security, Palo Alto Networks (NYSE: PANW), and Symantec (NASDAQ: SYMC) today announced the addition of Check Point® Software Technologies Ltd. (NASDAQ: CHKP) and Cisco (NASDAQ: CSCO) as new alliance founding Members. Together, the six founding Members have contributed to the development of a new, automated threat intelligence sharing platform to exchange actionable threat data, further driving the CTA’s mission of a coordinated effort against cyber adversaries.
- The CTA incorporated as a not-for-profit in January 2017 and appointed Michael Daniel as its first President in February. Daniel was formerly Special Assistant to the President and Cybersecurity Coordinator for the White House.
- The CTA has expanded to include Check Point Software Technologies and Cisco as new founding Members who joined pre-incorporation.
- The CTA’s inaugural Board of Directors includes the CEOs and senior leadership of six major cybersecurity vendors: Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec.
- The CTA outlines its corporate purpose as a not-for-profit: to share threat information in order to improve defenses against cyber adversaries across member organizations and protect customers; to advance the cybersecurity of critical IT infrastructures; and to increase the security, availability, integrity and efficiency of information systems.
- The first CTA project as a standalone entity is the development and rollout of a new, automated threat intelligence-sharing platform that enables Members to integrate real-time, actionable intelligence into their products to better protect global customers.
- In addition to expanding its founding Members, the CTA has added new affiliate Members, including IntSights, Rapid7 and RSA, who join existing Members Eleven Paths and ReversingLabs.
CTA Formalizes as an Independent Not-for-Profit Entity
Founded and actively sharing threat intelligence since 2014, the CTA has evolved to an independent organization with Michael Daniel as its President and a Board of Directors comprised of its six founding Members, Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec. Daniel brings extensive expertise to the CTA in developing strategic cyber partnerships and programs that span the private and public sector, as well as other nations to build the most effective security solutions. The CTA’s move to an incorporated entity signifies the commitment by industry leaders to work together to determine the most effective methods for sharing automated, rich threat data and to make united progress in the fight against sophisticated cyber attacks.
Since inception, the CTA has regularly exchanged information on botnets, mobile threats and indicators of compromise (IoCs) related to advanced persistent threats (APTs), and advanced malware samples. Notable milestones of the CTA’s cooperative efforts cracked the code on CryptoWall version 3, one of the most lucrative ransomware families in the world, totaling more than US $325 million ransomed. The CTA’s research and findings pushed cybercriminals to develop CryptoWall version 4, which the CTA also uncovered and resulted in a much less successful attack, validating the power of the CTA’s cooperative threat intelligence sharing.
These coordinated efforts demonstrate that all Members of the CTA believe in protecting the common good of the Internet by sharing intelligence to combat sophisticated global cyberattacks. By bringing together industry competitors contributing their unique threat insights, the CTA builds a comprehensive view of important threat actors. With enriched understanding and enhanced protections against global attacks, members can better protect customers in real time and prioritize resources based on collective knowledge.
Information Sharing Platform Automates Collaboration on Contextual Threat Intelligence
With co-development from its six founding Members over the past year, the new CTA platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence. The platform better organizes and structures threat information into Adversary Playbooks, pulling everything related to a specific attack campaign together in one place to increase the contextual value, quality and usability of the data. This innovative approach turns abstract threat intelligence into actionable real-world protections, enabling Members to speed up information analysis and deployment of the intelligence into their respective products.
To foster continued collaboration and incentivize meaningful threat data, the new CTA platform requires Members to automate their intelligence sharing contributions, meet a minimum contribution every day, and rewards contextualized, unique intelligence. Members will eventually be rewarded with greater levels of access based on the value and volume of the information they have contributed.
In addition to its core mission of coordinated information sharing, the CTA is also the first industry trade association designed by and exclusively for cybersecurity practitioners. Representing the collective voice of industry leaders, the CTA is committed to help shape industry best practices and continue to ensure that the most effective security is being delivered for individual customers and organizations around the world.
"The future of cyber security is here. The CTA collaboration will enable us to accelerate the pace of innovation as we work to protect the cloud, mobile and provide the best means for advanced threat prevention. "
Gil Shwed, founder and CEO, Check Point
“The CTA lets us better take the fight to the bad guys for the common good of the internet. Working together, we complete the bigger picture of what we know about important attacks giving us better protections against both large, global attackers and even more discrete, targeted threats. The CTA is a win for the good guys and a setback for attackers.”
Marty Roesch, chief architect, Cisco Security
“As a founding Member of the Cyber Threat Alliance, we strongly believe in this next level of commitment to help deliver automated, comprehensive threat intelligence to our global customers and all organizations. The CTA becoming a standalone organization signifies that the cybersecurity industry holds a collective responsibility to work together to prevent advanced, global cyber attacks by sharing meaningful threat findings. The best way to combat the negative impact of cybercriminals and best protect our customers is through cooperation and partnership based on actionable intelligence from diverse sources.”
Ken Xie, founder, chairman of the board and CEO, Fortinet
“We believe there is power in working together, as people, as products and as an industry. For the last three years, we have worked shoulder-to-shoulder with our Cyber Threat Alliance founding Members to share threat intelligence, build context around advanced threats, and provide our customers the benefits of our collective knowledge. This ongoing effort will help Intel Security customers build defenses that understand and counter complex attacks more quickly and effectively, throughout all stages of the threat defense lifecycle.”
Chris Young, SVP and GM, Intel Security Group, Intel Corporation
“As a founding Cyber Threat Alliance member since 2014 and consistent driver for automated threat intelligence sharing, Palo Alto Networks is pleased at the continued forward momentum toward collectively improving the industry’s defenses against advanced cyber adversaries. Our mission is to maintain trust in today’s digital world, and the collective intelligence from the Cyber Threat Alliance eco-system furthers our ability to enable our customers to successfully prevent cyber breaches.”
Mark McLaughlin, chairman and CEO at Palo Alto Networks
“Our greatest weapon in the defense against cyber attackers is the vast power of our combined data and insights. Possessing one of the world’s largest pools of threat data carries significant responsibility, and the CTA provides us with an important coordinating mechanism to enable rapid sharing of that threat intelligence with global businesses. In today’s hyper-connected world, a single piece of malware could cripple global economies or even put lives in danger. The technology investments we’re making as members of the alliance aims to strengthen the protection of people everywhere.”
Greg Clark, CEO Symantec
About the Cyber Threat Alliance
Co-founded by Check Point ® Software Technologies Ltd. (NASDAQ: CHKP), Cisco (NASDAQ: CSCO), Fortinet ® (NASDAQ: FTNT), Intel Security (formerly McAfee), Palo Alto Networks® (NYSE: PANW) and Symantec (NASDAQ: SYMC), the Cyber Threat Alliance is the industry’s first group of cybersecurity practitioners from organizations that work together in good faith to share threat information and improve global defenses against advanced cyber adversaries. The mission of the Cyber Threat Alliance is to raise the industry's collective, actionable intelligence and situational awareness about sophisticated cyberthreats to improve defenses for its respective customer organizations. For more information about the Cyber Threat Alliance, please visit: http://cyberthreatalliance.org/.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 300,000 customers trust Fortinet to protect their businesses. Learn more at https://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2017 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCloud, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.