Data Diversity: The CTA Advantage
Despite the general turbulence unleashed by the COVID-19 pandemic, CTA has continued over the last year to mature as an organization in terms of both our threat intelligence sharing and membership growth. Of course, these two aspects are closely intertwined. Because our membership rules require all CTA members to share, having more members from a greater number of industry verticals with coverage in a wider range of geographic regions means more diverse threat intelligence is available to our membership as a whole through the CTA platform.
CTA membership is growing. And fast.
As evidenced by the recent surge in membership growth, with the addition of Anomali, OneFirewall, SecurityScorecard, Avast, Tehtris, and Morphisec in just the last two months, a growing share of businesses from across the industry are realizing that they can benefit from joining CTA on our collective mission. Even during a global crisis, CTA membership and a commitment to threat intelligence sharing is a worthwhile proposition for organizations committed to better securing our digital ecosystem.
The value that each of these additional members creates for the Alliance overall is greater than each individual contribution alone, since they span five countries and expand our global reach to a total of ten different countries, enabling CTA data to drive security improvements for a wide range of cybersecurity products and services popular across a broad swathe of national and regional markets.
Sharing is caring.
To realize the benefits of CTA membership — including access to shared intelligence, a place within our broader community of expert practitioners, and opportunities for collaboration — our members are required to maintain a certain level of commitment to our common mission by consistently sharing intelligence with the rest of the Alliance at a level that meets or surpasses a collective minimum threshold.
Crucially, no one vendor — or any organization, for that matter — has a comprehensive and unimpeded view into the entirety of the global cyber threat landscape. As such, every member brings something unique to the table. Even our largest and most well-resourced members still report receiving ‘new-to-them’ threat intelligence through CTA.
Diverse data, and lots of it.
Our growing membership also means that CTA members are now sharing more data, and more diverse data, through our automated sharing platform than ever before; averaging nearly 7 million observables per month in the last quarter of 2020 (~235,000 per day). Submissions also include more context, such as first-seen, last-seen, kill chain phase, and ATT&CK TTPs. Meanwhile the capabilities of our new sharing platform, Magellan, make uploading and extracting data from the platform a near-frictionless experience (see the most recent issue of our quarterly newsletter, CTA In Focus, for more details on the upgrade).
Beyond the benefits of a larger and more diverse membership for our automated sharing program, it also means a greater impact for our human-speed early sharing, which is conducted through CTA’s Algorithm & Intelligence (A&I) Committee. The nearly 375 early shares of blog posts and research findings to date have helped to ensure that protections can be developed or delivered ahead of the public release of these reports to the extent permissible under the TLP rules that govern that aspect of our threat intelligence sharing efforts.
Moving into the remainder of 2021, we look forward to welcoming new members to CTA and continuing the growing success of our threat intelligence sharing program. If your company has threat intelligence to share, we’d love to hear from you and discuss how you can deliver stronger security through being a part of CTA — contact us today!