Collaborative Defense with AlienVault Open Threat Exchange (OTX)
In this interview with Dark Reading at Black Hat 2016, Brian Gillooly and Roger Thorton discuss the latest update to AlienVault's threat sharing community of over twenty thousand users, Open Threat Exchange (OTX).
ROGER: Great, excellent. So we have talked about OTX. You have something new to talk about here at the show, so let's hear about it. This is the news desk.
BRIAN: Okay, so a little background information on OTX in case people don't know about it. At AlienVault, we have a commercial customer base of about four thousand customers. We have an open source user base of about twenty thousand users. That ecosystem opts into a threat-sharing system we call OTX (Open Threat Exchange). So OTX is members of that community sharing with each other through OTX, any indicator of compromise that they found while doing their threat detection work. In an ideal sense, if you attack one member of that network in a short matter of time, everybody in the network is going to know about it, and that is OTX. OTX has since grown. We have opened OTX to anybody in the security community that wants to participate. You don't have to be in AlienVault open source or a commercial user. You could be using any product, just having a genuine interest in helping the community and contributing. So you can go to OTX and you can become a member, there are forty-seven thousand people that have done that to date. Within OTX, we publish these things we call pulses, and a pulse is a collection of IoCs that together form some bit of information that someone would use to protect themselves. The community—anybody in the community can create a pulse, and anybody in the community can help curate that pulse. This has been going on for a couple of years, a lot of people use it, it is a big part of what fuels our threat intelligence. I know OTX data ends up in Splunk deployments and on-site deployments, and so we happily share that threat data with our competitors because this is all of us finding a common enemy.
Now, what we have got to announce is OTX remains the world's largest open collaborative community, but we are giving people inside that community the ability to make private groups because whereas we would ultimately like you to share the threat intelligence of everybody, some companies don't feel comfortable sharing with everybody and they would rather start with sharing with a selective group of friends or colleagues or maybe people in the same vertical industry. So the latest version of OTX has just been released and it enables this creation of groups and private groups.