We were founded in 2014 through an informal agreement to share intelligence among Fortinet, McAfee, Palo Alto Networks, and Symantec. They called this arrangement the Cyber Threat Alliance, but CTA had no dedicated staff nor any legal paperwork. In 2015, the companies developed a white paper on the Cryptowall Crimeware. The paper garnered a lot of attention and showed the value of collaboration among the cybersecurity community.
At this point, the companies realized that they were involved in something bigger.
In order to increase the impact across the ecosystem, CTA needed to scale. To achieve this, the Founding Members decided to establish CTA as an independent organization and re-launch it in February 2017 at RSA. The revamped CTA now has dedicated staff, resources, and a technology platform for sharing advanced threat data. As a result, CTA members can all share timely, actionable, contextualized, and campaign-based intelligence that can be used to improve their products and services to better protect their customers, more systematically thwart adversaries, and improve the security of the digital ecosystem.
In addition to sharing through out platform, CTA members share blogs, research findings, and analysis through our Early Sharing program ahead of general publication. Typically, members receive 3-5 early shares per week.
HOW DOES OUR SHARING PLATFORM WORK?
WHAT DO WE SHARE THROUGH OUR PLATFORM?
- Approximately 8,000,000 observables per month in STIX 2.0 packages, with an average of three pieces of context per observable.
- Packages include a range of observables and TTPs across the kill chain.
- Observables include, for example: files, domain names, addresses, and Uniform Resource Identifiers (URIs).
- TTPs: Over 50 TTPs from MITRE’s Common Attack Pattern Enumeration and Classification (CAPEC™) and Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™).
- Membership in CTA gives members access to validated, curated threat intelligence they might otherwise not have.
TECHNOLOGY & PROCESS
- Our platform is efficient, easy to use, and rapidly updateable, and has the adaptability, ease-of-use, and analytic potential essential for tackling threats as they emerge. It is also designed to incentivize the sharing of high quality, actionable threat intelligence that satisfies the needs of CTA members.
- The platform is housed in the cloud and was developed using open-source technologies and tools to ensure the solution is vendor-agnostic to the greatest extent possible.
- The platform applies a value-based algorithm to all shared intelligence. The algorithm rewards timeliness and context, and points are awarded based upon the desirability of that data among CTA’s membership.
- The platform will continue to evolve and develop over time as the CTA expands and matures, with member engagement through CTA’s Platform and Algorithm & Intelligence Committees.
LEARN MORE ABOUT MEMBERSHIP TODAY
JOIN YOUR PEERS IN SHARING CYBER THREAT INTELLIGENCE TO BETTER PROTECT YOUR CUSTOMERS AND THE DIGITAL ECOSYSTEM.