The future is no longer on a distant horizon: Mobility has overtaken the desktop as a fundamental part of how business is conducted; cloud adoption is prompting businesses to transform how they roll out applications and services with the promise of a more agile and automated IT infrastructure; IoT is connecting greater numbers of devices; and big data is gathering information on everything from telemetry readings of sensors to how many calories have been burned during an afternoon walk. The security implications among all of these elements are significant.
To address key security issues as they arise, several organizations, including our MTP partner Check Point Software Technologies, have banded together to strengthen and formalize a not-for-profit entity called the Cyber Threat Alliance (CTA). Through cooperative work and intelligence sharing, member organizations hope to enhance their products and, ultimately, their customer service by improving the security posture of those they serve. Check Point provided an in-depth overview of the CTA and why the company looks forward to helping lead the alliance to drive more comprehensive and timelier threat intelligence for all members and remain on the cutting edge of critical security issues. Below is a brief summary of the information. Visit the Check Point blog to view the full post.
What is the CTA?
The Cyber Threat Alliance (CTA) is an intelligence sharing marketplace where leading security vendors have joined together in good faith to equitably share¬†campaign-based¬†cyber threat intelligence to improve our products and boost the security posture of our customers.¬†The CTA‚Äôs Guiding¬†Principles are:
- For the¬†greater good:¬† Share intelligence to strengthen critical infrastructure and protect our customers.
- Time is of the¬†essence:¬† Prevent and circumvent attacks by sharing timely, actionable intelligence.
- Context is king:¬† Prioritize the sharing of contextual, accurate intelligence tied to specific campaigns.
- Radical transparency:¬† All intelligence is attributed and policies will always be published and clear.
- No pay to play:¬† All members must share intelligence to extract intelligence from the CTA.
The enduring value is CTA members improve their products by gaining verifiable, actionable, near-real time indicators of compromise from the¬†CTA‚Äôs intelligence marketplace. This in turn ‚Äď and the overarching goal ‚Äď makes customers more secure.
Is the threat intelligence good?
The CTA‚Äôs new threat sharing platform is highly sophisticated.¬†The¬†platform analyzes and validates the shared input to ensure excellent and useful intelligence is the produced output.¬†All members must remain in ‚Äúgood standing‚ÄĚ to receive threat intelligence from the CTA.¬†To maintain good standing, members must submit a minimum-value of cybersecurity information each business day and will be assigned an ongoing ‚Äúvalue rating‚ÄĚ based on the information shared.¬†Further, members must maintain the technical capabilities to share and receive information via the CTA platform.¬†The minimum value of threat intelligence that members must share daily consists of:
- Indicators of Compromise such as: Observables like file text; Kill Chain Stage; Context such as malware name
- Contextual information such as campaign or threat actor
All submitted intelligence is evaluated by a value-based algorithm.¬†The algorithm assigns points for every vendor submission,¬†correlates it with other intelligence for mutual validation and points are added/subtracted based on correlation or contradiction by other members.¬†The value of the data submitted by a vendor determines how much data the vendor can receive in return. A governing body oversees and manages the algorithm.¬†This body will review and periodically update the algorithm to incentivize sharing and minimize gaming in the marketplace.
As output, participating¬†members can choose what data they receive in return.¬† The key options are:
- Which member submitted the data
- Affiliation with a threat actor
- Date of data submission or detection
- Verification/validation by other members
- Data type such as malware, domain
Clearly the algorithm is central to the platform in ensuring members ‚Äúgive to get‚ÄĚ as well as ensuring the¬†shared output is valuable.¬†It is living algorithm which the CTA members oversee and manage for the benefit of all and to drive better security for all of our customers.
After thorough research performed by our mobile threat prevention (MTP) partner, Check Point, a new and alarming type of malware campaign has been identified. Known as Gooligan, this malware is used to generate ad revenue on the Android platform. Check Point noted that as of the end of November, Gooligan had breached the security of more than one million Google accounts, with an additional 13,000 devices being impacted each day.
Financial services, and banking in particular, is an industry that has been and continues to be impacted dramatically by the evolution of technology. From mobile deposits and money transfers through apps to smart ATMs, a number of conveniences have been created that continue to shape customer expectations and loyalty. In fact, Business Insider recently posted an interesting summary of how device preferences for performing banking activities is changing.
As enterprises began favoring the shift from software running on PCs to mobile devices connected to cloud services, Microsoft 365 was all but written off by many of its critics. Fortunately for Microsoft, their vision for remaking the company into a subscription provider whose customers rent, rather than buy, software is paying off. In fact, according to Skyhigh‚Äôs Office 365 Adoption & Risk Report issued in second quarter 2016, one out of every five corporate employees was using an Office 365 cloud service, up from less than 7 percent just nine months prior. Put another way, in the last two years Office 365 has eclipsed all other cloud providers to emerge as the most widely used enterprise cloud service by user count.
For companies with limited IT infrastructure, resources and support, the task of managing mobile devices can be perceived as costly and overly complex. Thanks to continued innovation and leadership in cloud infrastructure and business mobility, VMware has introduced a solution to eliminate these barriers to entry. AirWatch Express is a simple and affordable mobile device management (MDM) solution designed to get mobile devices up and running quickly by minimizing the technical steps typically needed for set-up and management.
Windows 10 is Microsoft‚Äôs first truly mobile operating system designed to work seamlessly across mobile devices and PCs. This mobile-first, cloud-first platform introduces a range of enterprise-ready features across the entire device lifecycle. As a Windows 10 Launch Partner vendor, VMware has been working with Microsoft from the beginning, with AirWatch incorporating EMM management tools for Windows 10 devices since day one of the rollout in July of 2015.