Getting to Know CTA: Part 3 — It’s Not Just What You Know, But When

The Cyber Threat Alliance (CTA) recently published our Solutions Fact Sheet, which details for prospective members and other interested parties the many ways in which CTA membership generates mutual value. In this series of blog posts, we explore in greater depth these various use cases and the common themes that tie them together.

 

THE RIGHT INSIGHTS AT THE RIGHT TIME

When making decisions in high-stakes situations, including with the deployment of cybersecurity protections to customers, the timeliness of relevant information is key.

If that information is not available when needed, then it’s of no use. If it’s outdated, then its utility is limited. CTA helps our members to get the information that they need to best protect their customers when that information can be used most effectively.

 

OBSERVE TRENDS IN MALICIOUS ACTIVITY AS THEY HAPPEN

CTA members draw on a variety of sources, including their own telemetry and analysis, to generate threat intelligence. Being a part of CTA allows them to combine this information with our context-rich, shared data to generate new insights and develop a greater depth of understanding about threat volumes, tactics, themes, and targets.

Our shared data is available in near real-time and every observable is associated with first- and last-seen data. This context allows members to determine the relevance of shared data and keep ahead of the curve to better protect their customers.

 

TRACK PATTERNS IN ADVERSARIAL ACTIVITY OVER TIME

Different CTA members have distinct comparative strengths in terms of their visibility across industry verticals, physical geography, and threat vectors. CTA membership enables companies’ cybersecurity researchers to collaborate across our community to broaden their understanding of the threat landscape.

By working together through CTA, our members are able to leverage their collective understanding of adversaries’ tactics, techniques, and procedures (TTPs) to keep up more effectively as those TTPs emerge and evolve.

 

EARLY SHARING OF THREAT REPORTS

Our efforts to build a culture of engagement and collaboration across research teams at our member companies are further bolstered through the growing volume of early sharing among our members. CTA members have the opportunity to distribute research findings, blog posts, and other information about emerging threats in a secure and systematic way in advance of public distribution.

The 300+ early shares that our members have made to date have enabled timelier implementation of countermeasures and facilitated further investigation of novel cybersecurity threats. This reciprocal sharing of early warnings across our membership means faster protection for the global ecosystem.

 

KEEPING AHEAD OF THE CURVE

Through CTA, our members can access a broader range of information at the moments when that information is most important for protecting customers. We have made great progress in the nearly four years since CTA’s founding to improve the quality, depth, and relevance of our shared threat intelligence — and we will sustain that commitment moving forward.

Part I and Part II of this blog series are available offering more details on how CTA helps to support stronger cybersecurity across the digital ecosystem. We also encourage you to sign up for our quarterly newsletter for the latest on how our sharing model, platform, and membership are evolving.

CTA intelligence sharing

Author: Josh Kenway

Josh Kenway is a Cybersecurity Associate at CTA working on media, research, and analysis, and a Research Fellow at the Algorithmic Justice League. Previously a CTA intern, he holds a master’s degree in International Policy from Stanford University, where he focused on cybersecurity and digital policy issues. He earned his undergraduate degree in economics and political science from the University of Georgia and hails from London, England.