Information- and threat-sharing is increasingly seen as a primary key to keeping up with cyber-threat evolution, and security firms Fortinet and Palo Alto Networks have decided to do their part. The two have co-founded a cyber-defense consortium.
The cyber-consortium is for now anchored by its inaugural members, Fortinet and Palo Alto, but there is an open invitation to other organizations that share in its goals and objectives. Members must also meet the minimum requirement for participation – the ability to share at least 1,000 samples of new malware executables every day.
The mission of the consortium is to drive a coordinated industry effort against cybercrime and cyber-criminals through deep collaboration on threat intelligence and sharing of preventative measures. The ability to disperse malware knowledge and threat intelligence across all member organizations will raise the overall knowledge of the group; in turn, this allows member vendors to better protect their organizations and their customers, they said.
The group’s specific goals include better cross-industry, cross-vendor threat intelligence; better coordination of incident response; and better prevention of cyber-attacks using advanced malware.
“At Fortinet we look forward to collaborating with Palo Alto Networks to continue to improve network security,” said Ken Xie, Fortinet’s chairman and CEO, in a statement. “We look forward to combining our threat resources to offer customers innovative ways to more comprehensively combat modern day dynamic, sophisticated threats.”
The ability to share what customers offer in terms of threats will be invaluable. Barmak Meftah, CEO of AlienVault pointed out in an open letter back in April, free and unrestricted data sharing is often only extended to vendor-discovered samples. “There’s the conundrum when it comes to threat intelligence: There’s vendor-created threat intelligence and customer-created threat intelligence,” he said.
Vendor-created data comes from a vendor’s R&D lab and the supplemental data they might invest in. Customer-created threat intelligence, meanwhile, is the data that flows back to the vendor from installations of their product – and this is less often shared.
“Ironically, customers end up contributing valuable threat data back to their vendors, then end up having to pay for this collective intelligence when it’s time to renew their product license,” Meftah said.
The consortium aims to change that, but said that when it comes to data privacy, only malware samples will be shared. The consortium bylaws provide that members will not share any data that can be directly attributable to customers.
“We are pleased to work with another respected innovator like Fortinet to join forces in the ongoing battle against the rapidly evolving threats stemming from advanced malware and APTs,” added Mark McLaughlin, chairman, president and CEO of Palo Alto Networks. “The consortium is a clear response to the demands from the industry for a coordinated response from their technology vendors.”