Despite the general turbulence unleashed by the COVID-19 pandemic, CTA has continued over the last year to mature as an organization in terms of both our threat intelligence sharing and membership growth. Of course, these two aspects are closely intertwined. Because our membership rules require all CTA members to share, having more members from a greater number of industry verticals with coverage in a wider range of geographic regions means more diverse threat intelligence is available to our membership as a whole through the CTA platform.
CTA membership is growing. And fast.
As evidenced by the recent surge in membership growth, with the addition of Anomali, OneFirewall, SecurityScorecard, Avast, Tehtris, and Morphisec in just the last two months, a growing share of businesses from across the industry are realizing that they can benefit from joining CTA on our collective mission. Even during a global crisis, CTA membership and a commitment to threat intelligence sharing is a worthwhile proposition for organizations committed to better securing our digital ecosystem.
The value that each of these additional members creates for the Alliance overall is greater than each individual contribution alone, since they span five countries and expand our global reach to a total of ten different countries, enabling CTA data to drive security improvements for a wide range of cybersecurity products and services popular across a broad swathe of national and regional markets.
Sharing is caring.
To realize the benefits of CTA membership — including access to shared intelligence, a place within our broader community of expert practitioners, and opportunities for collaboration — our members are required to maintain a certain level of commitment to our common mission by consistently sharing intelligence with the rest of the Alliance at a level that meets or surpasses a collective minimum threshold.
Crucially, no one vendor — or any organization, for that matter — has a comprehensive and unimpeded view into the entirety of the global cyber threat landscape. As such, every member brings something unique to the table. Even our largest and most well-resourced members still report receiving ‘new-to-them’ threat intelligence through CTA.
Diverse data, and lots of it.
Our growing membership also means that CTA members are now sharing more data, and more diverse data, through our automated sharing platform than ever before; averaging nearly 7 million observables per month in the last quarter of 2020 (~235,000 per day). Submissions also include more context, such as first-seen, last-seen, kill chain phase, and ATT&CK TTPs. Meanwhile the capabilities of our new sharing platform, Magellan, make uploading and extracting data from the platform a near-frictionless experience (see the most recent issue of our quarterly newsletter, CTA In Focus, for more details on the upgrade).
Beyond the benefits of a larger and more diverse membership for our automated sharing program, it also means a greater impact for our human-speed early sharing, which is conducted through CTA’s Algorithm & Intelligence (A&I) Committee. The nearly 375 early shares of blog posts and research findings to date have helped to ensure that protections can be developed or delivered ahead of the public release of these reports to the extent permissible under the TLP rules that govern that aspect of our threat intelligence sharing efforts.
Moving into the remainder of 2021, we look forward to welcoming new members to CTA and continuing the growing success of our threat intelligence sharing program. If your company has threat intelligence to share, we’d love to hear from you and discuss how you can deliver stronger security through being a part of CTA — contact us today!
Author: Jeannette Jarvis
The latest from the cyber threat alliance
On behalf of the Cyber Threat Alliance and the Cybersecurity Coalition, we would like to cordially invite you to attend our fifth annual cyber policy event, CyberNextDC. CyberNextDC is one of DC’s leading cybersecurity policy events of the year. This year’s event will be held in–person with an option to view via Zoom. CyberNextDC 2022 […]
Systemic Cybersecurity Risk and role of the Global Community: Managing the Unmanageable
Cyberattacks are frequently becoming ‘cyber events’ with systemic impact. How can governments and businesses respond?
Preparing for New Incident Reporting Requirements
Mandatory cyber incident reporting is being extended to many more organizations. Those already subject to these regulations face new, more stringent, requirements. Engaging proactively with government agencies and your own incident response and legal partners will make mandatory incident reporting as frictionless as [...]