The recently-launched Cyber Threat Alliance has been given a big boost with the news that Intel's McAfee division and former arch-enemy Symantec are to join the industry group whose mission is to create the first significant cross-vendor movement of threat data.
The CTA was announced in May with founder members Fortinet and Palo Alto Networks, an intriguing collaboration between two mid-level security firms that had something to gain from this kind of initiative.
Adding two of the 'big three' antivirus firms to this mix turns the idea from being merely interesting into something potentially more significant.
Basic forms of shared threat data will include malware signatures as well as mobile campaigns, botnet command and control channels, and patterns that indicate Advanced Persistent Threats (APTs). Most important of all, members will share data on real attacks, including targeted campaigns, precisely the sorts of security events that can be used to build a bigger picture of what is going on.
“We must meet these aggressive attacks with not only innovative technology and expertise, but also deeper industry collaboration to ensure our defence is strongest”, said McAfee EMEA and Canada president, Gert-Jan Schenk.
“By creating this cyber alliance we now have the framework in place to educate one another on complex and multidimensional attacks, moving beyond just malware samples,” he said.
Interestingly, Schenk then went on to say that the firms had taken the decision to collaborate without any pressure from law-makers.
“In the absence of substantive legislation fostering this intelligence exchange, the industry must lead the way and this makes the alliance an important milestone in tackling today’s cyber security threats.”
Security threat sharing has been one of the industry’s big ideas for some time and yet nobody has managed to get the vendors themselves to coordinate it. Governments want enterprises to report serious security incidents through national CERTS (for example UK CERT), but much of the same could be achieved by joining together the customer bases of large security vendors.
In McAfee’s case, its threat data is collected by the firm’s Labs division, comprising 450 researchers.
“By working together to thwart the next generation of cyber attacks, we will be more effective in fighting to keep the Internet safe for users around the world," said Symantec president of Security technology and response Adam Bromwich.
To date, threat sharing has tended to be channeled through the idea of crowdsourcing, on a vendor-by-vendor basis, persuading customers of one company to share threats with other customers of the same firm. Examples include AlienVault's Open Threat Exchange (OTX), HP's Threat Central and Check Point's ThreatStore Intellistore. Then there are industry initiatives such as the Retail Cyber Intelligence Sharing Center (R-CISC) that gathers data on behalf of retailers.
Not long ago, the idea of two rivals such as McAfee and Symantec agreeing to pool threat data would have been seen as unthinkable, but here we are. The world has changed.