Cyber Threat Intelligence: Teaming up for ever more secure cybersecurity

By the TEHTRIS Team

TEHTRIS understands that there is strength in numbers and has chosen to join the Cyber Threat Alliance, alongside other experts in the field, to share our unique, high value-added threat intelligence markers in order to contribute to a safer digital world.

The professionalization of ransomware groups, the maturity of attackers, and their new organizational capacity (cartel formation, RaaS, etc.) justify the importance of joining forces to better anticipate, prevent, and neutralize threats.

One of the emerging threats of the last 12 months is undeniably the threat to software supply chains. The attacks against SolarWinds and Kaseya impacted more than 20,000 large companies and administrations worldwide, including very sensitive entities such as certain critical government services. The side effects of these two attacks are still causing collateral damage.

It is clear that both attacks were orchestrated and carried out by extremely powerful, organized, and wealthy groups, possibly sponsored by states. And while attacks by APT groups remain among the most complicated to detect, some traces (such as TTPs or malware used) could have alerted cyber analysts. The importance of CTI is therefore no longer in question, and neither is the case for pooling it. If all the players who knew the latest TTPs of these hostile groups had shared them, it might have been easier to react in a more timely manner.

What is the Cyber Threat Alliance?

The Cyber Threat Alliance defines itself as “a nonprofit organization that strives to improve the cybersecurity of our global digital ecosystem by enabling the sharing of high-quality, near-real-time cyber threat information among businesses and organizations in the cybersecurity field.” The primary objective of the CTA is to give each member access to quality cyber intelligence via a shared platform maintained by the consortium. This platform automates the collection and contextualization of information on threats. Thus, intelligence that was previously abstract or unknown to some becomes concrete, contextualized and immediately exploitable: this is what we call actionable cyber intelligence, which improves analysis, detection, and the deployment of response strategies, and in turn improves protection technologies.

As noted by Michael Daniel, CTA President & CEO, “Regardless of size, regardless of capability, no organization has complete visibility into the Internet or cyberspace. Different companies and organizations have different perspectives, information sources and monitoring methodologies. Yet threat analysis and mitigation benefits from as broad and diverse an information base as possible. Therefore, sharing threat intelligence is a critical component of effective cybersecurity. It’s the only way to get the visibility you need and deliver effective products and services to customers.”

In response to the Kaseya ransomware attack, CTA members were able to share information and analysis about this incident via the Early Sharing program. They highlighted the zero-day attack against MSPs using the VSA product and the attack on the service supply chain that leverages the VSA platform. The CTA collected threat reports, blog posts, protection tips and proposed mitigation measures.

TEHTRIS and CTA

TEHTRIS, which has long understood the importance of integrating context into its detection, decided to share with other specialists in the field in order to improve industry detection capabilities. Therefore, we share with CTA cyber intelligence collected by our own unique and innovative technology. Because we are as close as possible to the endpoint and the user, the preferred targets of attackers, we are able to provide an extremely precise vision of a threat.

In return, TEHTRIS CTI can benefit from the cyber-intelligence produced by other professionals from other sectors, and can therefore better protect our customers. This is a real added value that we are able to bring to our partners and customers.

The latest attacks show the need to have more robust solutions. TEHTRIS is proud to participate in a global strategy to promote and improve cybersecurity worldwide. We appreciate that all CTA members must contribute to threat intelligence sharing, which is a core principle of the alliance.

TEHTRIS takes the appropriate course of action to share intelligence that contributes to strengthening cyber defense. TEHTRIS develops synergies between actors from different sectors of activity, from different geographical areas, and thus strengthens the integration of European countries in the global economic fabric, and promotes a rise in competence in the cyber ecosystem. Europe has reached maturity in cyber and we strive to stand out by proving our ability to react to a threat and by making contributions within the framework of the CTA.

TEHTRIS is honored to share our skills, expertise, and intelligence with CTA. We are determined to work together with other partners to fight against cybercrime. We value highlighting Europe’s involvement in the construction of a Cyber Intelligence strategy. We are demonstrating our place as a digital power; we must now count on this alliance as a major player in the strategy to fight cybercrime.

Author: Jeannette Jarvis

As Chief Recruitment & Marketing Officer, Jeannette is responsible for CTA’s partnerships, branding, and communications efforts. Jeannette has worked in cybersecurity for 25 years, previously holding various senior leadership positions, including Director of Product Marketing at Fortinet and Director of Product Management at McAfee and Intel Security. She also served in leadership roles at Microsoft and Boeing. Jeannette is on the advisory board for Virus Bulletin, an international organization covering the global threat landscape.