Keep Calm and Form an Alliance

Cyber Threat Alliance Declares War on Cyber Criminals; by Darrell Burkey, Director, IPS Products, Vasco Data Security. The Cyber Threat Alliance (CTA), officially formed and registered as a not-for-profit...

Cyber Threat Alliance Declares War on Cyber Criminals; by Darrell Burkey, Director, IPS Products, Vasco Data Security.

The Cyber Threat Alliance (CTA), officially formed and registered as a not-for-profit organisation in January 2017, is a collaboration of industry leading IT security professionals dedicated to sharing intelligence and expertise in a bid to win the war against cyber crime.

The founding members consist of some of the biggest vendors in the security industry, one of which being Check Point Software Technologies. The CTAs first president is none other than Michael Daniel, former cybersecurity coordinator for the White House under President Obama.

What is the purpose of the CTA?

In an unusual display of unity within a commercial market, the CTA represents a good faith collaboration of leading security vendors in an attempt to pool knowledge, resources and expertise to improve the overall strength of security systems and services designed to guard against cybercrime. It is hoped that the alliance can share threat information across its network of members and reduce the delays in response time to new and advanced risks.

The founding members, along with any and all new member organisations, are bound by five key principles:

  • For the greater good: Share intelligence to strengthen critical infrastructure and protect our customers.
  • Time is of the essence: Prevent and circumvent attacks by sharing timely, actionable intelligence.
  • Context is king: Prioritize the sharing of contextual, accurate intelligence tied to specific campaigns.
  • Radical transparency: All intelligence is attributed and policies will always be published and clear.
  • No pay to play: All members must share intelligence to extract intelligence from the CTA.

Of course, there are no altruistic actions in business and the commercial benefits for all involved are clear; the more secure they can make their products, the better protection they can offer their clients which will be of a huge commercial benefit.

Though the notion of the CTA has been in place for a couple of years, its formal operating structure established in January 2017 now sets itself up as the first trade association for the cybersecurity industry that is exclusively designed by and for skilled professionals. The distinction between what it was and what it intends to be is clear; the CTA members recognise that, when it comes to fighting cybercrime, there is strength in numbers.

Let’s be clear, CTA members (prior to their formal incorporation) did share intelligence on threats to the industry but this could, at best, be described as lip-service; the few thousand pieces of data provided to partner members being just a spit in the sea compare to the millions of variants of malware that occur each day.

So, what’s different?

Well, the first thing is the platform that has been developed which can enable this rapid sharing of such huge amounts of data. The limits of the efficacy of this information relies on the data being immediate and this new platform can enable intelligence to be shared in near real-time. Secondly, the formal incorporation of its six founding members has secured both commitment of funds as well as staff in order to deliver on the alliance’s vision.

How will the CTA work in practice?

At the heart of the CTA is the newly developed threat sharing platform. Able to analyse and validate shared data input, this highly sophisticated mechanism will provide near real-time threat intelligence. The output for members in good standing will be valuable and timely alerts to help them respond more quickly to new risks.

Members will be constantly rated based on the information they are feeding into the platform and how useful this. Known as a ‘value rating’, members must submit a minimum level of intelligence in order to remain a part of the CTA. Similar to the way Domain Authority works in SERP rankings, intelligence from members with higher value ratings will take precedence in terms of authority.

The value rating is an important part of the platforms ability to report valuable and trusted data as well as to ensure that no single member benefits more from being part of the alliance than another.

This process relies on a complex algorithm designed to ensure commercial fairness with members who submit less data also receiving less in return; the primary driver is that members give more to get more.

A centrally appointed governing body will oversee the mechanisms of information exchange using the intelligence sharing platform in an effort to ensure that both the quality of sharing is being effectively incentivised but also to ensure no ‘gaming’ is taking place.

Clearly only time will tell if the CTA can have the impact on cybersecurity that its members so desire, and whether the CTA platform can deliver on its promises. What is clear is that the desire to drive improved IT security to higher standards is a common goal for all; one on which it is high time we maximised on.

In this article

Join the Conversation