Threat sharing in the security industry remains mainly ad-hoc and informal, filled with blind spots, frustration, and pitfalls. Our vision is for companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyberattacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). The AlienVault® Open Threat Exchange® (OTX™) delivers the first truly open threat intelligence community that makes this vision a reality.
AlienVault OTX provides open access to a global community of threat researchers and security professionals. It now has more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.
Pulses provide you with a summary of the threat, a view into the software targeted, and the related indicators of compromise (IOC) that can be used to detect the threats.
Security research tends to be an insular process and rarely do individuals or groups share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. OTX helps to solve this problem with the ability to subscribe or follow the most trusted pulses in the community.
The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from each other. That’s why we built OTX — to change the way we all create, collaborate, and consume threat data.
When you join OTX, you get instant access to OTX Endpoint Security™ — a free threat-scanning service in OTX that allows you to quickly identify malware and other threats on your endpoints.
Powered by the AlienVault Agent, based on osquery, OTX Endpoint Security scans your endpoints for the presence of known IoCs, alerting you to any active threats. This free service is the first of its kind to natively take advantage of the IoCs catalogued in OTX without using other security products. So, you can immediately use OTX threat intelligence to assess your endpoints against real-world attacks on demand and as new attacks appear in the wild.
Most threat data sharing products or services are expensive and/or overly complex. Users often find themselves buying multiple services since the traditional, isolated, approach to threat data limits their ability to export threat data from one tool to another. OTX provides several methods for your security tools to ingest pulse data, allowing you to react quickly and more efficiently to any threats.
Automatically instrument the built-in IDS security capabilities within the AlienVault USM platform, as well as third party security tools, with the latest actionable threat data from community-generated OTX pulses.
Learn more ›
With its direct OTX integration, OTX Endpoint Security™ allows you to hunt for threats on your endpoints without using other security products. So, you can immediately take advantage of the community-powered threat intelligence of OTX.
OTX Endpoint Security uses the same agent-based approach as expensive endpoint security tools, giving you meaningful threat visibility of your critical endpoints without the cost and complexity. With other free, open source approaches to endpoint agents, it can be difficult to deploy, to know what to query, and to correlate this information with the latest threat data. OTX Endpoint Security removes this complexity and guesswork while providing a free security service available to all. Learn more ›
Export IoCs automatically into your existing security tools, eliminating the need to manually add IP addresses, MD5 hashes of malware files, domain names, etc.
Import IoCs from pulses into third party security tools.