Site icon Check Point Blog

Cyber Threat Alliance Marks New Era in Industry Collaboration and Customer Protection

The announcement by the Cyber Threat Alliance (CTA) at the RSA Conference is an important moment in the security industry.  It truly marks a new era of industry collaboration for the greater good through the sharing of threat intelligence to drive better protection for all member customers.

 

What is the CTA?

The Cyber Threat Alliance (CTA) is an intelligence sharing marketplace where leading security vendors have joined together in good faith to equitably share campaign-based cyber threat intelligence to improve our products and boost the security posture of our customers.  The CTA’s Guiding Principles are:

The enduring value is CTA members improve their products by gaining verifiable, actionable, near-real time indicators of compromise from the CTA’s intelligence marketplace. This in turn – and the overarching goal – makes customers more secure.

 

Why did Check Point join the CTA? 

While the Check Point Research team and many others around the world are doing great threat research work, the reality is that no single entity can know and understand every single threat globally.  Joining the CTA to share Check Point’s leading research with the excellent research from other leading vendors creates a more comprehensive and richer threat feed that drives better protection for our customers and for all CTA member customers.

Our primary mission at Check Point is and always has been to provide our customers with the best security possible.  Joining the CTA is a natural extension of our mission.  We are proud to be a Founding Member of the CTA, and as leaders in the industry, we believe it is our responsibility to drive such initiatives to improve the security for all.  This alliance could be a good foundation to improve market cooperation beyond the current and very important model for sharing threat intelligence.  Of course, without question, all vendors will continue to fiercely compete in the marketplace on product excellence and innovation, but the time has come to formally and openly share threat intelligence for the betterment of all member customers.

 

But the CTA has existed for a couple years now.  What’s new?

Up till now, the CTA was nascent and did not bring enough value.  The members shared only a few thousand indicators a day which is truly a drop in the ocean vs. the many millions of permutations of malware that occur daily.

Launched today with six founding members, CTA Inc. is formally established as a not-for-profit entity with a formal operating structure with member obligations and product.  Specifically:

  1. To share threat information in order to improve defenses against advanced cyber adversaries across member organizations and their customers
  2. To advance the cybersecurity of critical information technology infrastructures
  3. To increase the security, availability, integrity, and efficiency of information systems

While the CTA’s core mission is information sharing, the CTA will also be the first industry trade association designed by and exclusively for cybersecurity practitioners.  In this capacity, the CTA’s inaugural Board is committed to expanding CTA scope over time to further items 2 and 3 above by undertaking initiatives such as developing industry best practices.

 

Is the threat intelligence good?

The CTA’s new threat sharing platform is highly sophisticated.  The platform analyzes and validates the shared input to ensure excellent and useful intelligence is the produced output.  All members must remain in “good standing” to receive threat intelligence from the CTA.  To maintain good standing, members must submit a minimum-value of cybersecurity information each business day and will be assigned an ongoing “value rating” based on the information shared.  Further, members must maintain the technical capabilities to share and receive information via the CTA platform.  The minimum value of threat intelligence that members must share daily consists of:

All submitted intelligence is evaluated by a value-based algorithm.  The algorithm assigns points for every vendor submission, correlates it with other intelligence for mutual validation and points are added/subtracted based on correlation or contradiction by other members.  The value of the data submitted by a vendor determines how much data the vendor can receive in return. A governing body oversees and manages the algorithm.  This body will review and periodically update the algorithm to incentivize sharing and minimize gaming in the marketplace.

As output, participating members can choose what data they receive in return.  The key options are:

Clearly the algorithm is central to the platform in ensuring members “give to get” as well as ensuring the shared output is valuable.  It is living algorithm which the CTA members oversee and manage for the benefit of all and to drive better security for all of our customers.

 

Summary

Check Point is pleased to be a Founding Member of the formalized and legitimized CTA.  We look forward to helping lead this alliance to drive more comprehensive and timelier threat intelligence for all members and ultimately provide better protection for our and all member customers.

Click here to learn more.

Exit mobile version