The post CTA in Focus (December 2025) appeared first on Cyber Threat Alliance.

The post CTA in Focus (June 2025) appeared first on Cyber Threat Alliance.

The post CTA in Focus (March 2025) appeared first on Cyber Threat Alliance.

The post CTA in Focus (December 2024) appeared first on Cyber Threat Alliance.

By Michael Daniel, CTA President & CEO

The September 11^th attacks changed our view of physical security.  As a result, everyone had to invest more in protecting their people and facilities.  At the time I was in charge of the Office of Management and Budget’s Intelligence branch, and we received numerous requests to fund physical security upgrades.  What was interesting to me, though, was that the proposed investments were not consistent.  Some agencies requested funding to concentrate their people and facilities in one location, because consolidation would allow them to protect those people and buildings more effectively and reduce risk.  Other agencies asked for funding to spread out their people and buildings, because having them all in one location was too risky.  These varying approaches to physical security reflected a tension between two types of risk, complexity and concentration, and which one to prioritize eliminating.  There is not necessarily a “right” way to resolve this tension; rather, leaders have to continuously make choices about which risk is most important to address at a particular time.

This same tension plays out almost every day in cybersecurity.  Complexity is the enemy of cybersecurity, but so are monocultures and flat networks.  In an ideal world, organizations would have just enough complexity in their networks, applications, and tools to make it challenging for the adversary, but not so much complexity that it interferes with productivity or the ability to defend against threats.  Sourcing your cybersecurity from multiple vendors helps ensure that you are protected against a wide array of threats, but if those vendors don’t work well together, then those benefits may be outweighed by the complexity of being your own integrator. Organizations face both complexity and concentration risks in their cybersecurity efforts. At any given point, they have to decide which risk to prioritize reducing. 

CTA helps cybersecurity providers navigate their version of the concentration versus complexity trade off.  We want cybersecurity providers to gain the benefits of concentration through threat intelligence sharing, while avoiding the risks associated with single points of failure.  Conversely, we enable members to share threat intelligence with low friction, thereby reducing complexity, yet still retaining their unique perspectives and capabilities.  All of CTA’s activities balance this mix of complexity and concentration. 

These characteristics are hallmarks of Community Driven Defense, the theme of this quarter’s newsletter.  This kind of defense requires organizations to work across boundaries without concentrating security in just one company or platform. It’s not an easy task. Reducing complexity enough to make effective cybersecurity possible without elevating concentration risk too high is delicate balance.  Organizations dedicated to this purpose, like CTA, make this task just a little bit easier and it’s one of our primary roles in the ecosystem. I hope you enjoy reading about why and how our members are contributing to making Community Driven Defense a reality through CTA.

The post Making Community Driven Defense a Reality appeared first on Cyber Threat Alliance.

The post CTA in Focus (September 2024) appeared first on Cyber Threat Alliance.

The post CTA in Focus (June 2024) appeared first on Cyber Threat Alliance.

The post CTA in Focus (March 2024) appeared first on Cyber Threat Alliance.

The post CTA in Focus (December 2023) appeared first on Cyber Threat Alliance.

The CTA community knows that we are stronger together. Read on to find out why.

Protect

“Our strength comes in our numbers. That’s why we take our participation in CTA so seriously. It’s why we contribute the threat intelligence that we do and why we have a roadmap for improving the information we share with other members.” — Scott Lambert, VP Threat Intelligence, ReversingLabs

CTA’s core value proposition of threat intelligence sharing comes in two distinct flavors: automated sharing of STIX-based threat intelligence through our cutting-edge platform, and human-to-human sharing and engagement within CTA’s trusted community.

With respect to our automated sharing, CTA’s geographically diverse and inclusive approach where all members sit on a level playing field is a major value-add, according to Sheba Grace, Vice President of India-based K7 Computing, in that it allows K7 to access data from a wide variety of world-leading cybersecurity providers and to “place the quality of [K7’s] intelligence in a global context.” As the size of our membership continues to grow and the capabilities of CTA’s automated sharing platform, Magellan, continue to mature, the defensive value of such diverse data to our members is only going to grow.

The value of our early sharing program, according to Ryan Olson, VP Threat Intelligence at Palo Alto Networks’ Unit 42, comes about in large part because “having access to a CTA member’s threat research before it’s published gives everyone an opportunity to confirm protections for their customers are in place as quickly as possible.” However, human-speed engagement among CTA’s members goes beyond early sharing and associated validation, since member researchers can also pose questions and engage in discussions around hot topics and emerging threats, both in real time during CTA committee meetings and asynchronously through our Webex channels.

Disrupt

“The threat intelligence collaboration NTT enjoys with our CTA partners serves as a force multiplier … [so] we can act faster and more effectively to minimize harm to our clients.” — Mark Thomas, Senior Threat Intelligence Director, NTT Ltd.

Part of the rationale behind creating CTA, according to Derek Manky, Chief of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs, emerged from an awareness that “adversaries were forming their own cyber ecosystems … [so] defenders needed to organize … to keep up.”

Whereas previously, individual organizations were forced to confront cyber adversaries either individually or through ad hoc partnerships, CTA has made it possible for the industry to start “taking the fight beyond just analyzing and blocking … attacks,” to a point where CTA members can work collaboratively to support and directly engage in threat disruption activities. In particular, notes Jen Miller-Osborn, co-creator of the MITRE ATT&CK framework and Deputy Director of Threat Intelligence at Palo Alto Network’s Unit 42, CTA’s Algorithm and Intelligence Committee, which serves as the collaborative hub for members’ threat researchers within CTA and supervises our early sharing program, is “one of the more active communities in this space, even offline, in terms of reaching out and sharing. It’s a win-win situation all around.”

Elevate

“CTA is the best collaborative platform out there in the private sector. I’ve been involved in other collaborative groups that have members in common with CTA and when those groups ask, ‘How do we improve?’ people often say, ‘Be more like CTA.’” — Imelda Flores, Head of SCILabs, Scitum (Cybersecurity Division of Telmex)

Both internally and in coordination with members and partners, CTA works to support, develop, and promote initiatives, policies, and programs of work that raise the level of security and resilience across the global digital ecosystem. For example, in early 2021 CTA released policy guidance for governments on how to more safely handle and disclose high-risk vulnerabilities, and co-sponsored a paper from one of our members, SecurityScorecard, advocating for a more sophisticated and robust approach to private sector cyber-risk disclosures. This kind of work helps to drive recognition of CTA across the industry as a thought-leader not only in terms of our innovation around information sharing and threat disruption, but also around out work to advance the state of cybersecurity more broadly.

CTA’s engagement in initiatives such as the World Economic Forum’s Partnership Against Cybercrime and the Ransomware Task Force recently established by the Institute for Security & Technology are also, according to Derek Manky, “a logical next step for CTA and a logical next step in the fight against cybercrime.” Moreover, when CTA stands up and engages across the cybersecurity ecosystem, we do so not only on behalf of our members, but the cybersecurity industry as a whole.

CTA and the cybersecurity industry as a whole is stronger when we stand and work together. To learn more about CTA membership, contact us today.

The post Stronger Together appeared first on Cyber Threat Alliance.