The future is no longer on a distant horizon: Mobility has overtaken the desktop as a fundamental part of how business is conducted; cloud adoption is prompting businesses to transform how they roll out applications and services with the promise of a more agile and automated IT infrastructure; IoT is connecting greater numbers of devices; and big data is gathering information on everything from telemetry readings of sensors to how many calories have been burned during an afternoon walk. The security implications among all of these elements are significant.
To address key security issues as they arise, several organizations, including our MTP partner Check Point Software Technologies, have banded together to strengthen and formalize a not-for-profit entity called the Cyber Threat Alliance (CTA). Through cooperative work and intelligence sharing, member organizations hope to enhance their products and, ultimately, their customer service by improving the security posture of those they serve. Check Point provided an in-depth overview of the CTA and why the company looks forward to helping lead the alliance to drive more comprehensive and timelier threat intelligence for all members and remain on the cutting edge of critical security issues. Below is a brief summary of the information. Visit the Check Point blog to view the full post.
What is the CTA?
The Cyber Threat Alliance (CTA) is an intelligence sharing marketplace where leading security vendors have joined together in good faith to equitably share campaign-based cyber threat intelligence to improve our products and boost the security posture of our customers. The CTA’s Guiding Principles are:
- For the greater good: Share intelligence to strengthen critical infrastructure and protect our customers.
- Time is of the essence: Prevent and circumvent attacks by sharing timely, actionable intelligence.
- Context is king: Prioritize the sharing of contextual, accurate intelligence tied to specific campaigns.
- Radical transparency: All intelligence is attributed and policies will always be published and clear.
- No pay to play: All members must share intelligence to extract intelligence from the CTA.
The enduring value is that CTA members improve their products by gaining verifiable, actionable, near-real-time indicators of compromise from the CTA’s intelligence marketplace. This in turn makes customers more secure, which is the overarching goal.
Is the threat intelligence good?
The CTA’s new threat sharing platform is highly sophisticated. The platform analyzes and validates the shared input to ensure that its output is excellent, useful intelligence. All members must remain in “good standing” to receive threat intelligence from the CTA. To maintain good standing, members must submit a minimum value of cybersecurity information each business day and will be assigned an ongoing “value rating” based on the information shared. Further, members must maintain the technical capabilities to share and receive information via the CTA platform. The minimum value of threat intelligence that members must share daily consists of:
- Indicators of Compromise such as: Observables like file text; Kill Chain Stage; Context such as malware name
- Contextual information such as campaign or threat actor
All submitted intelligence is evaluated by a value-based algorithm. The algorithm assigns points for every vendor submission and correlates it with other intelligence for mutual validation; points are then added or subtracted based on correlation or contradiction by other members. The value of the data submitted by a vendor determines how much data the vendor can receive in return. A governing body oversees and manages the algorithm. This body will review and periodically update the algorithm to incentivize sharing and minimize gaming in the marketplace.
As output, participating members can choose what data they receive in return. The key options are:
- Which member submitted the data
- Affiliation with a threat actor
- Date of data submission or detection
- Verification/validation by other members
- Data type such as malware, domain
Clearly, the algorithm is central to the platform, both in ensuring members “give to get” and in ensuring the shared output is valuable. It is a living algorithm, which the CTA members oversee and manage for the benefit of all and to drive better security for all of our customers.
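A toy model of the give-to-get scoring described above, added here as an illustration; it is not the CTA's algorithm or Check Point's code. Every weight, threshold, member name and indicator in it is an assumption, since the post gives no numbers.

```python
from collections import defaultdict

# Constructed sample: (member, indicator, verdict, context). All names are made up.
SUBMISSIONS = [
    ("vendor_a", "evil.example", "malicious", {"campaign": "C1", "kill_chain": "delivery"}),
    ("vendor_b", "evil.example", "malicious", {"campaign": "C1"}),
    ("vendor_c", "evil.example", "benign", {}),
    ("vendor_d", "evil.example", "malicious", {}),
    ("vendor_a", "203.0.113.7", "malicious", {}),
    ("vendor_c", "cdn.example", "malicious", {"malware": "SampleBot"}),
]

# Assumed weights and thresholds; the page gives no numbers.
BASE, PER_CONTEXT, CORROBORATED, CONTRADICTED = 2, 1, 3, -3
MIN_DAILY_VALUE = 4       # assumed "good standing" floor
RECORDS_PER_POINT = 10    # assumed give-to-get exchange rate


def score_members(submissions):
    """Return {member: points} for one day's submissions."""
    verdicts = defaultdict(dict)  # indicator -> {member: verdict}
    for member, indicator, verdict, _ in submissions:
        verdicts[indicator][member] = verdict
    points = defaultdict(int)
    for member, indicator, verdict, context in submissions:
        value = BASE + PER_CONTEXT * len(context)  # context earns extra points
        others = [v for m, v in verdicts[indicator].items() if m != member]
        agree = sum(v == verdict for v in others)
        disagree = len(others) - agree
        if agree > disagree:        # corroborated by other members
            value += CORROBORATED
        elif disagree > agree:      # contradicted by other members
            value += CONTRADICTED
        points[member] += value
    return dict(points)


def entitlements(points):
    """Quota of records a member may pull; below the floor, nothing."""
    return {m: p * RECORDS_PER_POINT if p >= MIN_DAILY_VALUE else 0
            for m, p in points.items()}


if __name__ == "__main__":
    print(entitlements(score_members(SUBMISSIONS)))
```

In this model the member whose verdict is contradicted by three others falls below the daily floor and receives nothing, while uncorroborated but uncontested submissions still earn their base points.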
After thorough research performed by our mobile threat prevention (MTP) partner, Check Point, a new and alarming type of malware campaign has been identified. Known as Gooligan, this malware is used to generate ad revenue on the Android platform. Check Point noted that as of the end of November, Gooligan had breached the security of more than one million Google accounts, with an additional 13,000 devices being impacted each day.
As cybersecurity presents an increasingly complex and concerning environment for personal, business and government safety, attention to the secure use of mobile devices is more important than ever for individuals around the world. In fact, recent news of cybercriminals and hackers having connections deeply rooted in the Russian government, as well as the thousands of unauthorized “app stores” hosted in China, has underscored the growing number of threats in existence — and therefore a clear need to be proactive.
As secure enterprise mobility becomes an increasingly relevant business objective, IT executives and professionals are looking for ideas, insights and best practices on finding a better balance between employee preferences and company priorities. Therefore, it’s no surprise that we experienced such an uptick in attendance at Tech Orchard’s second annual Mobile Brew. More than 110 attendees from top Kansas City companies joined us at Boulevard Brewery for networking and a valuable panel discussion on mobility essentials.
The event kicked off as Mike McRoberts, Business Development Expert & Former Sprint Executive, shared a thought-provoking story about how IT teams can leverage the benefits of expanding their use of cloud services, especially for mobile initiatives. Then, Tech Orchard CEO Phil Poje addressed a panel of speakers about the challenges and opportunities around enterprise mobility management (EMM) and mobile threat prevention (MTP) in the workplace. Panelists included Keith Shaw, manager of security engineering and operations for H&R Block Inc.; Cora Belfiore, director of IT operations at Winston & Strawn LLP; James Robertson, owner of Core BT Solutions; and Randy Crenshaw, vice president of mobile technology at Tech Orchard.
KC Business Journal’s tech beat writer Leslie Collins captured some of the most valuable panel commentary in her article “Tech Orchard panel: How employers can address mobile security issues.” Attendees in the audience were able to ask questions and generate additional conversation about how they can better incorporate a comprehensive mobile strategy moving forward. Immediately following the conclusion of the panel, employees from our sponsor companies took the stage to share a little about their businesses. Sponsors included VMware, Check Point, Trabon, UPS, BalancePoint, Centriq Training, Netrality Properties, Network Technology Partners (NTP), Quark Studios and Source Inc. Wireless Solutions. Door prizes were given away to six lucky winners while everyone in attendance enjoyed tasty appetizers and local craft brews while networking with colleagues and peers.
With no sign of mobility adoption slowing across the enterprise, we’re already looking ahead to expanding our panel and attendance at our third annual Mobile Brew in the fall of 2017. If you had the opportunity to attend and have any outstanding questions that weren’t answered either by our panel or during your networking, please don’t hesitate to call or email Phil, Randy or Mila. If you weren’t able to attend, be sure to read our KC Business Journal coverage and reach out for assistance with any enterprise mobility needs you may have or expect to arise within your organization in the days ahead.
For complete photo coverage, check out our Facebook album with pictures of the event, attendees, prize winners, panelists and more!
As a working adult in the Kansas City area, it’s highly possible that your health insurance provider is Blue Cross and Blue Shield of Kansas City. If so, you may have recently received a letter from the company highlighting the fact that one of its service providers was hit with a data breach. Therefore, your member information may have been exposed.