AlienVault is releasing another major new feature called Private Groups in Open Threat Exchange (OTX) today. This new feature allows users within OTX to create a private group of other OTX users and control access to the threat data shared within that group. Threat data contained within the private group stays in the private group and is not shared more widely with the rest of the OTX community. This allows OTX users within the private group to collaborate with other security professionals in a tighter, more controlled way. There's a short video about it.
This enabling feature is modeled after the concept of Information Sharing and Analysis Centers, also called ISACs, that share threat information related to cyber and physical threats with their members. These ISACs have been in existence since the late 1990s and are a result of Presidential Decision Directive-63, signed into effect on May 22nd, 1998 by President Bill Clinton. The mission laid out is simple:
Protect the nation's critical infrastructures from intentional acts that would significantly diminish the abilities of the Federal Government to perform essential national security missions and to ensure the general public health and safety, state and local governments to maintain order and to deliver minimum essential public services, and the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial and transportation services.
Since the introduction of the Directive in 1998, 24+ ISACs have been established to provide threat collaboration and information sharing and to assure the continuity and viability of critical infrastructures. These include the Financial Services ISAC (FS-ISAC), the Information Technology ISAC (IT-ISAC), and the Research and Education Network ISAC (REN-ISAC). Each ISAC is focused on a specific sector, and only organizations in that sector can participate.
So, what about everybody else? ISACs provide critical information to their members. What’s the first rule of ISAC club? You don’t share information outside of ISAC club. Great for those organizations who are members. Not so great for those who are not.
With the new private groups functionality in OTX, we’ve made it easier for all organizations to create their own ISAC-like groups, without the overhead, cost, and infrastructure otherwise necessary to establish a place to share the information you need to better protect your infrastructure. Here are a few examples of how this new feature can be used:
- A researcher may want to collaborate with peers or friends within a specific industry on a new threat before sharing the data with the larger OTX community.
- A CISO may want to create an industry-specific or region-specific group to review or collaborate on recent threats targeting their industry or region so they can better combat those threats.
- Academic colleagues may want to collaborate with other academics on research projects and leverage the OTX framework and infrastructure to manage and control the threat information they have learned about.
- An ISAC that doesn’t have automated tools to keep track of and disseminate threat information quickly can leverage OTX and the new private groups function to host and distribute information to their members.
There are plenty of other examples too. If you have not yet signed up, you should. OTX is an open community that allows you to get updates related to the latest threats as well as collaborate with other security professionals to research and report activity you observe in your environments. AlienVault Unified Security Management (USM) customers automatically receive the threat intelligence of OTX through the USM console, enabling rapid detection of the latest threats.
There are now over 47,000 users in the OTX community, contributing approximately 4 million artifacts every day. Of these users, over 17,000 participate in the collaborative OTX portal by contributing information to help the community.
And… It’s not only AlienVault talking about OTX. At Circle City Con 2016, security researcher Tony Robinson spoke very highly about OTX. You can see a video of his talk, entitled “Fantastic OSINT and Where to Find It” here.
Alex Pinto also featured OTX in his CTI Summit talk. Here’s a slide from his talk:
We are really excited about this new private groups feature and expect that our OTX community users will be as well!
AlienVault will demo this new version of OTX at Black Hat 2016 with some exciting new features. Please visit us at booth 1016 in the Black Hat Business Hall. Hours are August 3: 10:00 – 19:00 and August 4: 10:00 – 17:00. AlienVault is a Platinum sponsor for Black Hat. I’ll be at Black Hat and hope to see you there. Stop on by our booth!