The future is no longer on a distant horizon: Mobility has overtaken the desktop as a fundamental part of how business is conducted; cloud adoption is prompting businesses to transform how they roll out applications and services with the promise of a more agile and automated IT infrastructure; IoT is connecting greater numbers of devices; and big data is gathering information on everything from telemetry readings of sensors to how many calories have been burned during an afternoon walk. The security implications among all of these elements are significant.
To address key security issues as they arise, several organizations, including our MTP partner Check Point Software Technologies, have banded together to strengthen and formalize a not-for-profit entity called the Cyber Threat Alliance (CTA). Through cooperative work and intelligence sharing, member organizations hope to enhance their products and, ultimately, their customer service by improving the security posture of those they serve. Check Point provided an in-depth overview of the CTA and why the company looks forward to helping lead the alliance to drive more comprehensive and timelier threat intelligence for all members and remain on the cutting edge of critical security issues. Below is a brief summary of the information. Visit the Check Point blog to view the full post.
What is the CTA?
The Cyber Threat Alliance (CTA) is an intelligence sharing marketplace where leading security vendors have joined together in good faith to equitably share campaign-based cyber threat intelligence to improve our products and boost the security posture of our customers. The CTA’s Guiding Principles are:
- For the greater good: Share intelligence to strengthen critical infrastructure and protect our customers.
- Time is of the essence: Prevent and circumvent attacks by sharing timely, actionable intelligence.
- Context is king: Prioritize the sharing of contextual, accurate intelligence tied to specific campaigns.
- Radical transparency: All intelligence is attributed and policies will always be published and clear.
- No pay to play: All members must share intelligence to extract intelligence from the CTA.
The enduring value is CTA members improve their products by gaining verifiable, actionable, near-real time indicators of compromise from the CTA’s intelligence marketplace. This in turn – and the overarching goal – makes customers more secure.
Is the threat intelligence good?
The CTA’s new threat sharing platform is highly sophisticated. The platform analyzes and validates the shared input to ensure excellent and useful intelligence is the produced output. All members must remain in “good standing” to receive threat intelligence from the CTA. To maintain good standing, members must submit a minimum-value of cybersecurity information each business day and will be assigned an ongoing “value rating” based on the information shared. Further, members must maintain the technical capabilities to share and receive information via the CTA platform. The minimum value of threat intelligence that members must share daily consists of:
- Indicators of Compromise such as: Observables like file text; Kill Chain Stage; Context such as malware name
- Contextual information such as campaign or threat actor
All submitted intelligence is evaluated by a value-based algorithm. The algorithm assigns points for every vendor submission, correlates it with other intelligence for mutual validation and points are added/subtracted based on correlation or contradiction by other members. The value of the data submitted by a vendor determines how much data the vendor can receive in return. A governing body oversees and manages the algorithm. This body will review and periodically update the algorithm to incentivize sharing and minimize gaming in the marketplace.
As output, participating members can choose what data they receive in return. The key options are:
- Which member submitted the data
- Affiliation with a threat actor
- Date of data submission or detection
- Verification/validation by other members
- Data type such as malware, domain
Clearly the algorithm is central to the platform in ensuring members “give to get” as well as ensuring the shared output is valuable. It is living algorithm which the CTA members oversee and manage for the benefit of all and to drive better security for all of our customers.
From data mining and machine learning to VR (virtual reality) and AI (artificial intelligence), the tech industry is no stranger to its fair share of buzzwords. One that has dominated headlines throughout 2016 is IoT, or the Internet of Things. To put it simply, the IoT refers to the flourishing ecosystem of devices connected to the Internet that can generate, consume and exchange data via embedded sensors. Mobile devices, our focus here at Tech Orchard, are a critical part of this ecosystem.
Whether you’re an avid “From the Orchard” reader or simply view our blog from time to time, it’s likely you’ve noticed that we do our best to keep you out in front of major security threats and aware of ways to help combat them in your organization. While it’s probably no surprise that corporate-provided and BYOD (bring your own device) mobile assets pose a substantial risk to your company data, it’s important to understand that a balance between technology solutions and human solutions is the best way to protect your organization from harm.
As a working adult in the Kansas City area, it’s highly possible that your health insurance provider is Blue Cross and Blue Shield of Kansas City. If so, you may have recently received a letter from the company highlighting the fact that one of its service providers was hit with a data breach. Therefore, your member information may have potentially been exposed.
With third quarter 2016 well under way, many organizations are starting to prepare annual budgets for the coming calendar year. IT departments in particular are often faced with a large number of competing priorities that must be addressed and accounted for in this process. But with the continued rapid evolution of technology and mobile trends, prioritizing IT spending can be a serious challenge.