The Cyber Threat Alliance, a group of security firms that often compete, is seeking to expand. In an effort to recruit more members, the Cyber Threat Alliance is announcing that it’s become a not-for-profit. In addition, a former White House official will be its new leader.
Rivals including Fortinet, Intel Security, Palo Alto Networks and Symantec originally entered into the alliance over two years ago, even as doubts arose over whether it would last.
The intelligence sharing between the vendors will also accelerate. Before it was done manually, and involved sharing 1,000 malware samples each day. But alliance members have built a platform that will now automate the information sharing in real-time.
For customers, it means their security software will better detect cyber threats, and more quickly. By sharing intelligence, the security vendors are essentially pooling their resources to gain a more complete picture of today’s cyber threats.
“I think it should make the bad guys nervous,” said Joe Chen, Symantec’s vice president of engineering, on Monday.
The alliance has also added two new founding members, security firm Check Point and Cisco Systems.
Cisco joined to gain a greater reach to stymie the hackers, said Matt Watchinski, a senior director at the company’s Talos security group. Now, Cisco can share preventive tips that will be used not just in its own patches but in security software from many of the leading vendors.
“We’re going to be able to attack these guys and put them in a much smaller box, because of the reach of this entire group,” he said.
It’ll take time to see how effective this new stage of the alliance is in thwarting cyber attacks. But the prior intelligence-sharing efforts have bolstered Intel Security’s ability to detect some serious hacking attempts.
In one case a few weeks ago, Intel Security was able to quickly spot a critical infrastructure attack against a customer by using data that came from another alliance member, said Vincent Weafer, vice president of Intel Security’s McAfee Labs.
“We were able to make a real difference against real threats, by linking the information together,” he said. “It reduces the time to identify and see these issues.”
If not for the alliance, it might have taken a few weeks to spot the attack, perhaps by relying on a public advisory from the FBI or US-CERT -- too late to prevent the hacking attempt, Weafer said.
To ensure the Cyber Threat Alliance remains independent, the group members sought a neutral party to lead it, and chose Michael Daniel, a former White House cybersecurity coordinator.
Alliance members are hopeful other security vendors will join. “We want you to ask every security vendor why they’re not a member of the Cyber Threat Alliance,” said Rick Howard, chief security officer of Palo Alto Networks.