By Samantha Madrid, CTA Board of Directors

As I prepare to bid farewell to the Cyber Threat Alliance (CTA), I want to take a moment to reflect on the impactful mission that drives this remarkable organization. The CTA has been at the forefront of enhancing cybersecurity by fostering community defense and collaboration among industry leaders. My four-year journey as a board member has been a fulfilling experience, and I am grateful for the opportunity to contribute to our shared mission.

The mission of the CTA is clear: to unite the cybersecurity community in the fight against cyber threats. In a world where cyber risks are constantly evolving, our collective strength lies in our ability to collaborate effectively. By building an environment of trust and cooperation, we have empowered organizations to share critical threat intelligence. This sharing not only strengthens individual defenses but also enhances our collective resilience against adversaries.

During my time on the board, I have witnessed the tangible impact of our initiatives. From information-sharing platforms to educational programs, we’ve made significant strides in advancing our understanding of threats and enhancing our response capabilities. The dedication and expertise of the CTA community have been nothing short of inspiring. It serves as a reminder of what can be accomplished when we come together to defend against common challenges.

I am particularly honored to have been the first woman ever elected to serve on the CTA board. While this milestone is meaningful to me, it also symbolizes the potential for greater diversity in leadership within our community. I hope my presence has encouraged more voices to join us at the table, enriching our discussions and decision-making processes.

The collaborative spirit of the CTA has allowed us to address complex challenges in innovative ways. By sharing knowledge and resources, we have built a strong foundation for community defense. It is through this cooperation that we have been able to take proactive measures in tackling emerging threats and vulnerabilities.

As I transition to new opportunities, I am excited to see how the CTA evolves and continues to lead the charge in community defense and cybersecurity innovation. The relationships I have built and the lessons I have learned will remain with me as I move forward.

Thank you to everyone at the CTA for my incredible journey and for your unwavering commitment to our mission. Together, we have made a meaningful difference in protecting our digital world, and I look forward to seeing the continued impact of our efforts in the future.

The post Thank You To CTA! appeared first on Cyber Threat Alliance.

By Sergio De Los Santos, Head of Innovation and Labs at Telefonica Tech

Despite the overwhelming challenges we still face in the world of cyber security, we have come a very long way since the early days of cyber security. Starting from those challenging early days at the turn of the century, when attackers were roaming around user systems and thwarting the industry, we are now much more aware and better equipped to fight back more effectively against attackers. This is thanks to the growing expertise and better technology, but, above all, thanks to a mature industry, which is much better prepared overall to combat the threats. What exactly does this improvement in the industry consist of?

One of the keys to having succeeded in raising the level of effectiveness in the industry is in fact mutual support. It is not possible to create a strong industry without the cooperation between the different personas, which leads to a strong community that supports each other. There is no point in fighting wars separately. A very positive thing in today’s defense industry is the acknowledgement that collaborating as a community is an advantage and beneficial to all of us. Communicating knowledge, sharing information, partnering to work more efficiently, reporting new discoveries, or even admitting attacks with transparency. All of this is already part of the routine activities that the industry carries out without any complexes, thereby benefiting the rest of us. Thanks to this we can be successful and enjoy clear benchmarks.

Telefónica Tech clearly believes this and our contribution to CTA is a good example of this. Having a place to share information, contextualize it and contribute to improving the security of customers and, therefore, of the entire community, is something that has proven its effectiveness many times over, both to defend our customers’ and our own infrastructure and devices.

This does not mean that such relationships will stop the problems, but it does mean that without such a community defense, the difficulty of keeping ourselves protected would be significantly greater by several orders of magnitude. Attackers have also evolved, they have collaborated with each other, and they have become sophisticated enough to pose a serious threat that we must keep fighting. But we have the tools to confront them, both technically and in terms of collective knowledge. After all, alone we can go faster, but together we can go further.

The post Fostering Community Defense: Together We Can Go Further appeared first on Cyber Threat Alliance.

By Moto Yamamura, COO, SecureBrain

In February 2019, SecureBrain formalized our membership and joined forces with Cyber Threat Alliance with the intent to sharing cyber threat intelligence with top security vendors around the world. When it comes to cybersecurity, knowledge about up-and-coming cybersecurity threats is crucial. We at SecureBrain are dedicated to staying on top of global cybersecurity shifts.

At SecureBrain, we believe that sharing cyber threat intelligence is critical when developing and providing security solutions to our customers. Through our membership with Cyber Threat Alliance, we share cyber threat intelligence with many of the top security vendors across the globe and better help protect our customers against new cyber-attacks.

SecureBrain specializes in providing cybersecurity solutions designed to protect enterprises’ web applications from cybercrime such as phishing and web hacking. We have built our own advanced security research center and have initiated multiple joint research projects to continuously innovate and develop cybersecurity solutions and software to protect against global cyber threats. To ensure that we provide the best protection to our customers, it is important for us at SecureBrain to be on top of global cybersecurity trends and threats and collaborate with the world’s key cybersecurity players. Through our strategic decision to join CTA, we are eager to share information with top security vendors from across the globe.

Our partnership with CTA allows us to gain information about the latest cybersecurity trends across the world from top security vendors using a central intelligence depository. In turn, we aim to provide cybersecurity support to companies across Japan. Likewise, the partnership opens a conversation regarding the threats that are local to each country. Through this exchange of security intelligence, we believe our partnership fortifies the cybersecurity field.

Through our partnership with CTA, we are confident that we will grow more as a cybersecurity provider and look forward to continuing strengthening our partnership with CTA.

The post SecureBrain: Aligning with the CTA appeared first on Cyber Threat Alliance.

Written by Joe Chen, VP of Engineering, Broadcom

Five years ago, Symantec, now an enterprise division of Broadcom, proudly became a founding member of the Cyber Threat Alliance as a not-for-profit organization. CTA was founded with the mission to share threat information and better protect the mutual customers of our members. It is important to view CTA objectively, even as a founding member, so each year, we evaluate our CTA membership. We ask ourselves: Are our customers receiving faster protections? Are we as CTA deploying protections to all control points for our shared customers?

What was a vision is now a reality. In the nearly two years since the pandemic began, we were happy to see CTA gained ten members. CTA members are international and represent different industries. Each member brings a unique perspective and context to their threat intelligence. As CTA members, we get access to over 1 million indicators of compromise with context per week through the Magellan platform. What each member does with the intelligence is up to them. This is a sticking point for CTA; a benefit not easily replicated on the outside.

Along with the automated sharing platform, we value the vast human-speed sharing that takes place. CTA’s unique early sharing program enables members early access to research from other members. This allows members to check and add protections before the rest of the industry even sees the research. When customers ask us about newly published research, we can truthfully tell them we have already seen it and have protections. At Symantec we make a goal to share all of our research with CTA before publication.

Regular sharing and collaboration builds trust. In July 2021, a ransomware campaign targeting Kaseya’s VSA product was discovered. Threat researchers and analysts from CTA members sprung into action, joining calls to share ideas, and exchanging research and threat indicators. You would have never known this was a group of direct competitors working together.

Over the past five years, we continue to see that the sharing that happens in CTA benefits us, our fellow members, but most importantly, it benefits our shared customers against cyber actors. Our customers expect us to work together so their systems run seamlessly. At Symantec, we are proud to share our research and intelligence with CTA for the greater good, and we are happy with the intelligence we receive in return. In the next five years, my hope is that CTA continues to grow and other members of the cybersecurity industry join us in realizing these benefits. Happy anniversary, CTA!

The post Symantec, Enterprise Division of Broadcom, Celebrates CTA’s 5th Birthday appeared first on Cyber Threat Alliance.

Written by Kathi Whitbey, Principal Business Operations Manager, Unit 42

As I reflect on the last five years following the creation of the CTA, I am humbled by the growth, cooperation, and respect that our organization has developed from the simple idea that the only way to beat our adversaries was to find a way to work together. I can still remember the first day I walked into Palo Alto Network’s Unit 42 six years ago. Coming into cybersecurity after a long career in US government contracting and building large custom software programs, I was nervous, to say the least. What did I know about cybersecurity?

Then the whirlwind began! My cubicle sat outside the office of Palo Alto Network’s former Chief Security Officer, Rick Howard’s office in Reston, VA. A few weeks after being hired, Rick called me into his office and declared, “We have this project we’re working on and we need your help.” Off to California we went and next thing I knew I was sitting in a conference room with CEOs and CSOs from the best cybersecurity companies in the world talking about how to build an organization where threat intelligence would be openly shared for the good of everyone. They knew then, as we’ve proven all along, we don’t compete on our threat intelligence, we compete on what we do with it once we have it! 

I count myself very lucky to have been involved in the development phase of the CTA in those early months. I work for a company that really walked the walk, from our CEO on down; a company that believes completely in the mission. I drank the proverbial Kool-aid, so to speak, and began my crash course in all things cybersecurity. We brought in a consulting firm to help us form the legal entity that is now the CTA, a non-profit organization with a strong, representative membership. After a whirlwind year filled with meetings, conference calls, and more flights to California than I can remember, we were able to celebrate the legal beginnings of what the CTA was and still is today.

Since its founding, the CTA has continued to grow both its membership and capabilities. The information sharing platform we use is now in its 3rd iteration. We’ve grown from eight members to the current 34. Bringing Michael Daniel in to run this organization has proven to be a smart move. The staff and other incredible minds he surrounds himself with daily only boosts the mission. Our growth and resources are something a conference room full of CEOs six years ago could have only dreamt of. We made their vision come true.

The CTA has shown that together we can do more. We have proven that collaboration can – and does – make us all better equipped to provide protections for all our customers, while still remaining fierce competitors. We have accomplished this by sticking to the original guidelines set forth by our founding members, which are:

1. Everyone must share. No free-riders. One must give in order to receive.
2. What we do share has to be usable information. Not one of us has all of the information, but together we can build a pretty complete picture of what our adversaries are up to.
3. Sharing is done in a structured format that includes contextual information around the indicators that helps to tell the complete story.

All member companies have the ability to help shape where the CTA goes from here. Through committee work and special projects, member companies can stay active in the progress and direction of the organization, and work to help shape the future of cybersecurity success across the globe. We all benefit from the insights brought to the table from such a diverse group of cybersecurity professionals. Our adversaries are constantly adapting; with the input of the member companies, the CTA remains well positioned to keep up with the changing threat landscape. As I reflect upon my career, there is nothing I am prouder of than my participation in the CTA. It’s a rare thing for most people to see an idea grow into a successful organization like this, and to know there is so much more to be done. We’ve only just started. Congratulations on this milestone birthday, CTA. I am looking forward to what the next five years has in store for us all.

The post Happy 5th Birthday Cyber Threat Alliance! appeared first on Cyber Threat Alliance.

Written by Jason Min, Head of Business Development, Check Point Software Technologies

As Check Point celebrates the 5^th birthday of the Cyber Threat Alliance, we are honored to continue our partnership with them. Check Point became a Charter Member because we strongly believe in the CTA’s mission to improve the overall security of the global digital ecosystem. Check Point has been a world leader in cyber security for three decades. As the world has become more connected and digitized, the threat landscape is radically evolving. State-sponsored adversaries and hacker groups are working together to cause harm and disruption. The security companies and community need to work together to disrupt malicious actors and keep the world protected. As a Charter Member, Check Point is at the forefront of protecting end users and elevating overall security.

All members of the CTA have distinguished backgrounds and strengths to combat cyberwarfare. Utilizing our leading research arm, Check Point Research, Check Point is finding and sharing global cyber attack data to the entire CTA community. We understand that we all need to work together and are committed to the shared goal of protecting the world from nefarious hackers and state-sponsored adversaries. In 2022, we intend to take many steps to make the world a safer place including increasing our leading Check Point Research publications and expanding our threat intelligence via new members and increased sharing. Ultimately, these CTA publications and increased intelligence sharing accelerate the prevention of new cyber threats to keep users secure.

Check Point sees the CTA going to new heights in 2022. We want to accelerate the CTA’s impact and global reach to keep up with the pace of digital globalization and thwart hackers. We want to increase our data sources and threat telemetry across the cloud, network, and endpoints throughout the world. The CTA’s future is very bright and we will continue to do our best in advancing the organization to new heights and making the world a safer place.

The post Check Point Software Technologies Celebrates the Cyber Threat Alliance’s 5th Birthday appeared first on Cyber Threat Alliance.

Written by Rick Howard, CSO, Chief Analyst, and Senior Fellow at CyberWire

Back in 2013, I had just taken over as the Chief Security Officer for Palo Alto Networks. Literally, I was weeks in the job, when my boss, Mark McLaughlin, the CEO, called me into his office to assign me a special project. He and Ken Xie, the Fortinet CEO, and one of Palo Alto Networks’ biggest competitors, had an idea.

The two companies were in a protracted legal dispute about some technical issue within each of the company’s products. Fortinet thought that Palo Alto Networks had stolen some of their tech and Palo Alto Networks thought that Fortinet had stolen some of theirs. Both sides were preparing to pay lawyers a metric ton of money to resolve the issue in court.

The headquarters for the two firewall companies were located close to each other  in Silicon Valley; so close, that employees could engage in a rock throwing contest If they wanted to. The two CEOs agreed to sit down at a local Starbucks to see if they could resolve the legal issue themselves without going to court. On a handshake, both CEOs agreed to throw the legal case out and to instead, spend the money that they were going to give to the lawyers on something that would benefit the cybersecurity community.

Let me say that again. On a handshake, these two remarkable leaders decided to throw out a lawsuit, against their despised competitor, and do something good for the public good. That never happens, and yet, that’s what they did. Remarkable.

Their big plan was to create an ISAC, an information sharing and analysis center, for security vendors. ISACs had been around since the late 1990s for various business sectors but the security vendor sector never established one because, mostly, security vendors hated each other. For other ISACs, all participants saw the mutual benefit of sharing threat intelligence with each other because the bad guys targeted them as a group. That wasn’t the case for security vendors. They didn’t like each other, they definitely didn’t trust each other, and most believed that the threat intelligence produced by their internal teams gave them an edge in the marketplace. There was no way that they would share it with their competitors.

When I walked into Mark’s office that fine day, he handed me this tangled Gordian knot of security vendor distrust and said, “Don’t let this fail.” The very next week, I was in Singapore representing the company at some conference and I reached out to my counterpart at Fortinet: Derek Manky. Apparently, he was handed the same knot that I was handed from his boss. I suggested that we meet and discuss a way forward. Amazingly, Derek was at the same conference in Singapore that I was and we met that night for dinner.  That was the start.

Through a lot of hard work from the founding member representatives, all handed their respective Gordian knots and parallel “Don’t let this fail” missions, we spent time the first couple of years building trust from the ground up while we determined what a security vendor ISAC would look like. I think the big trust-building breakthrough came when we realized that the threat intelligence we each individually collected was not the thing that was valuable to our respective customers. The thing that was valuable was what we did with the intelligence. In other words, how did we each use that intelligence to better protect our customers with our products. That was the key.

And now, seven years later and five years after forming a nonprofit, the CTA is still going and growing strong. I guess we did untangle that Gordian knot.

The post “Don’t let this fail:” The founding of the Cyber Threat Alliance appeared first on Cyber Threat Alliance.

Written by Matt Watchinski, VP, Global Threat Intelligence Group, Talos, Cisco

Cisco Talos sets out every day to make the internet a safer place.

But we can’t always fight the good fight alone.

That’s why we are so proud of what we’ve accomplished with the Cyber Threat Alliance, which turns 5 years old today. We set out to co-create the CTA five years ago so that the largest cybersecurity companies in the world could coordinate and share vital information that can protect users across the globe.

The CTA allows us to share our intelligence ahead of publishing time — through automated means and  early copies of security research — so that other organizations can craft detection and prevention for their customers, and vice-versa. This allows all of us to create a safer cyber space for all.

For example, when Talos researchers discovered that attackers were exploiting some well-known vulnerabilities in Microsoft Exchange Server to deliver the Babuk ransomware, we used the CTA to share our research with partners before we went public with that information. That gave other security company members like Palo Alto, Checkpoint and Fortinet time to process our research and make sure their customers were protected.

That way, they were a step ahead of the bad guys by the time we made our research public, and the attack surface for bad actors became that much smaller.

The same goes for Talos detection — when we receive intelligence via the CTA, we craft detection for Cisco Secure products and solutions so when partner companies publish their research our customers are already protected.

Outside of company security research, the CTA also offers member companies access to intelligence from U.S. government agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and other Information Sharing and Analysis Centers (ISACs) that may never make it out for public consumption.

We started the CTA with just a handful of partners. Today, there are 34 member organizations, who all share the same goal of protecting users everywhere and we continue to recruit additional members. While we all may be competitors at some level, what we have built over the last five years is an amazing amount of trust in the industry. Security isn’t an individual effort — it’s a team sport, and you must trust the person next to you to be an effective team.

That way, when large-scale security events like Log4j and NotPetya occur, the security community is ready with a coordinated response.

The CTA is also an outspoken proponent of global, coordinated response to cyber threats. As we wrote in a blog post earlier this year regarding ransomware attacks, “Both governments and the private sector will have many challenging moments as we move to combat these threats. Now more than ever, wisdom and level heads are needed to find the appropriate levers of government and the private sector, and to apply those levers effectively against the threat.” That is something we strive for every day with our CTA members in partnership with federal and global government agencies.

Talos is proud to continuously support the CTA and its information-sharing programs. If your organization is interested in becoming a member, visit https://www.cyberthreatalliance.org/membership.

The post Talos celebrates the Cyber Threat Alliance’s 5th birthday appeared first on Cyber Threat Alliance.

Written by the TEHTRIS Team

TEHTRIS understands that there is strength in numbers and has chosen to join the Cyber Threat Alliance, alongside other experts in the field, to share our unique, high value-added threat intelligence markers in order to contribute to a safer digital world.

The professionalization of ransomware groups, the maturity of attackers, and their new organizational capacity (cartel formation, RaaS, etc.) justify the importance of joining forces to better anticipate, prevent, and neutralize threats.

One of the emerging threats of the last 12 months is undeniably the threat to software supply chains. The attacks against SolarWinds and Kaseya impacted more than 20,000 large companies and administrations worldwide, including very sensitive entities such as certain critical government services. The side effects of these two attacks are still causing collateral damage.

It is clear that both attacks were orchestrated and carried out by extremely powerful, organized, and wealthy groups, possibly sponsored by states. And while attacks by APT groups remain among the most complicated to detect, some traces (such as TTPs or malware used) could have alerted cyber analysts. The importance of CTI is therefore no longer in question, and the obviousness of mutualization is no longer in question. If all the players who knew the latest TTPs of these hostile groups had shared them, it might have been easier to react timelier.

What is the Cyber Threat Alliance?

The Cyber Threat Alliance defines itself as “a nonprofit organization that strives to improve the cybersecurity of our global digital ecosystem by enabling the sharing of high-quality, near-real-time cyber threat information among businesses and organizations in the cybersecurity field.” The primary objective of the CTA is to give each member access to quality cyber intelligence via a shared platform maintained by the consortium. This platform automates the collection and contextualization of information on threats. Thus, intelligence that was previously abstract or unknown to some, becomes concrete, contextualized and immediately exploitable: we speak of actionable cyber intelligence, and improving analysis, detection, and deployment of response strategies for improving protection technologies.

As noted by Michael Daniel, CTA President & CEO, “Regardless of size, regardless of capability, no organization has complete visibility into the Internet or cyberspace. Different companies and organizations have different perspectives, information sources and monitoring methodologies. Yet threat analysis and mitigation benefits from as broad and diverse an information base as possible. Therefore, sharing threat intelligence is a critical component of effective cybersecurity. It’s the only way to get the visibility you need and deliver effective products and services to customers.”

In response to the Kaseya ransomware attack, CTA members were able to share information and analysis about this incident via the Early Sharing program. They highlighted the zero-day attack against MSPs using the VSA product and the attack on the service supply chain that leverages the VSA platform. The CTA collected threat reports, blog posts, protection tips and proposed mitigation measures.

TEHTRIS and CTA

TEHTRIS, which has long understood the importance of integrating context into its detection, decided to share with other specialists in the field in order to improve industry detection capabilities. Therefore, we share with CTA cyber intelligence collected by our own unique and innovative technology. Because we are as close as possible to the endpoint and the user, the preferred targets of attackers, we are able to provide an extremely precise vision of a threat.

In return, TEHTRIS CTI can benefit from the cyber-intelligence produced by other professionals from other sectors, and can therefore better protect our customers. This is a real added value that we are able to bring to our partners and customers.

The latest attacks show the need to have more robust solutions. TEHTRIS is proud to participate in a global strategy to promote and improve cybersecurity worldwide. We appreciate that all CTA members must contribute in threat intelligence sharing, which is a core principle of the alliance.

TEHTRIS takes the appropriate course of action to share intelligence that contributes to strengthening cyber defense. TEHTRIS develops synergies between actors from different sectors of activity, from different geographical areas, and thus strengthens the integration of European countries in the global economic fabric, and promotes a rise in competence in the cyber ecosystem. Europe has reached maturity in cyber and we strive to stand out by proving our ability to react to a threat and by making contributions within the framework of the CTA.

TEHTRIS is honored to share our skills, expertise, and intelligence with CTA. We are determined to work together with other partners to fight against cybercrime. We value highlighting Europe’s involvement in the construction of a Cyber Intelligence strategy. We are demonstrating our place as a digital power; we must now count on this alliance as a major player in the strategy to fight cybercrime.

The post Cyber Threat Intelligence: Teaming Up for Ever More Secure Cybersecurity appeared first on Cyber Threat Alliance.

Written by Devin Lynch, Senior Director, Policy & Government Affairs, SecurityScorecard

As CISA’s 4th Annual National Cybersecurity Summit concludes this week, the theme for the final day is “The Power of Partnerships.” Before national cybersecurity month concludes, we should take a moment to join CISA and consider the power of partnerships.

We all want the same thing: to improve the overall cybersecurity of the global digital ecosystem. In order to make the cyber world a safer place, though, we must transform the way we communicate cybersecurity risks, and we can only achieve this through the power of partnerships.

Partnerships create the trust and information-sharing ecosystem that are necessary to protect end-users―from industry, to the Federal government, to our customers―against malicious cyber actors. Whereas a bank robber needs to study the blueprints of each bank and create a new plan to execute if he wants to rob multiple banks, a cyber threat actor can use a single vulnerability to penetrate numerous systems with a single weapon. Our individual security is therefore dependent on a communal approach.

Information sharing partnerships like the Cyber Threat Alliance are able to provide early indicators and warnings of cyber threats, allowing companies to stay ahead of risks posed to their own systems and by those of their third-party vendors. This valuable service is increasingly important today, as the COVID-19 pandemic continues to keep many of our critical―and even more of our mundane―activities online.

It is the power of partnerships like CTA that allow the security community to collaborate and share information about malicious cyber actors before they impact our information systems. Working together with our partners, we are able to better identify and respond to cyber incidents. This allows us all to reduce the overall effectiveness of these attacks, and protect our customers and our intellectual property.

And, it is the power of partnerships that will help us elevate the overall cybersecurity of the global marketplace, and promote technologies and policies that build resilience into, and improve the health of, the cyber ecosystem.
SecurityScorecard is a proud member of the Cyber Threat Alliance because we accept the simple premise that if we all want a safer, more resilient cyber ecosystem, we must continue to collaborate, communicate, and coordinate against the threat actors facing us. If we want to achieve our shared goals, we need to work together.

That is the power of partnerships.

The post The Power of Partnerships appeared first on Cyber Threat Alliance.