The Secret Sauce of the Cyber Threat Alliance? Collaboration.

As CTA has developed over the last three years, it has done so with a philosophy of collaboration front-of-mind. CTA provides a venue for productive relationships among our members to emerge and grow. We believe that these kinds of relationships are important and can provide mutual value creation. This is evidenced by the willingness of our members, who compete every day to continually improve their services, to nevertheless collaborate around our common goals.

In equal parts, the three key ingredients of this ‘secret sauce’ of collaboration are purpose, trust, and community.

 

Ingredient #1: Purpose

“We’ve learned that there is always room for improvement; we can always be better. Having access to additional intelligence always helps further protect our customers and our customers’ customers.” — Joe Chen, Engineering, Security Technologies & All Endpoint Solutions, Broadcom Inc.

From the outset, CTA has been a project of purpose. We set out to build our membership, infrastructure, and team in a way that would allow us to reach a point of sustainable sharing at speed and scale. For collaboration-oriented institutions, such as CTA, setting purpose-driven goals that enable our members to collaborate and create mutual value is both necessary and worthwhile.

As highlighted in this blog post, we recently reached 100 million shared observables since our automated sharing platform went live three years ago. As of our most recent platform upgrade, these observables must be accompanied by specific context. Other contextual information is highly incentivized through our bylaws and platform rules. Our members motivate and inform the ongoing evolution of the platform— as well as the creation of new metrics and analytics — to maximize the quality and overall value of what is shared through CTA.

 

Ingredient #2: Trust

“CTA has enabled us to collaborate in a trusted environment and build independent relationships that make that collaboration even more effective.” — Ryan Olson, VP Threat Intelligence (Unit 42), Palo Alto Networks

A frequent theme of our guest and internal blogs is trust, and with good reason. Without it, we could not do the things that we do in support of our mission as an organization.

Trust between the researchers of our member companies fosters mutual confidence in respective teams’ threat research and facilitates effective cooperation when those individuals come together on CTA committees and working groups. The quality and scope of our collaborative analyses to date, including our Tokyo Olympics Threat Assessment and Joint Analyses on securing edge devices and illicit cryptocurrency mining, are manifestations of this trust. We rely on sustained, trusted engagement across our members’ researchers and executives and are always looking for new ways to foster and build upon these relations in support of our mission.

 

Ingredient #3: Community

“We realize that our efforts not only serve to make our customers more secure, but help other members of CTA in combating cybercrime in the same way that their research helps us daily.” — SCILabs Team, Scitum

In today’s hyper-connected world, even the most energetic and enlightened CISOs and CSOs must rely on their internal teams and trusted external partners to provide reliable security assurance. The value of our close-knit CTA community is to increase both the breadth and depth of potential collaborators accessible to each of our members and partners.

Community does not appear out of thin air, however, and we have sustained our focus on creating opportunities for regular engagement. Even right now, as COVID-19 has forced many of our typical functions online, we are working hard to strengthen the bonds of the CTA community. We look forward to welcoming members and guests, including panel and keynote participants, to the CTA-sponsored Threat Intelligence Practitioners’ Summit at the virtual VirusBulletin conference at the end of this month, as well as other events coming up later this year. Regularly scheduled meetings of our committees and working groups provide a consistent venue for connection-building and collaboration. As we look to the future, we are committed to remaining proactive in building and sustaining new mechanisms for feedback and engagement of members, partners, and the wider CTA community.

CTA intelligence sharing

Author: Josh Kenway

Josh Kenway is a Cybersecurity Associate at CTA working on media, research, and analysis, and a Research Fellow at the Algorithmic Justice League. Previously a CTA intern, he holds a master’s degree in International Policy from Stanford University, where he focused on cybersecurity and digital policy issues. He earned his undergraduate degree in economics and political science from the University of Georgia and hails from London, England.