BlackHat 2014: Vendors Tee Up Info-Sharing and Threat Intelligence

Threat intelligence-sharing is a concept that almost everyone agrees is critical to the security landscape going forward; it provides the underpinning for the Obama Administration’s cybersecurity efforts and has been embraced by the private sector in a veritable deluge of cooperation. A pair of new threat-sharing gambits have now joined the fray.

CrowdStrike has announced the launch of the CrowdStrike Intelligence Exchange Program (CSIX), an initiative that allows vendor partners to access and share threat intelligence to boost the ability to detect and attribute attacks, prioritize attacks and provide the end customer with context about the attacks in their environment.

Meanwhile, a planned combined solution from ForeScout Technologies and ThreatStream, brought together via ForeScout’s ControlFabric architecture, will give organizations the ability to combine global threat information with network security intelligence to reduce the mean time to identify threats and enable a real-time, policy-based mechanism to mitigate cyber-attacks.

CrowdStrike’s CSIX is launching with six partners contributing information: Agiliance, Centripetal Networks, Check Point Software Technologies, Ltd., General Dynamics Fidelis Cybersecurity Solutions, LogRhythm, ThreatQuotient and ThreatStream.

“We are thrilled to launch the CrowdStrike Intelligence Exchange program and look forward to adding additional partners to a growing list of industry-leading solutions,” said Scott Fuselier, vice president of worldwide sales and operations, in a statement. “With today’s ever-changing threat landscape, it’s more important than ever to be able to gain context and prioritization into targeted attacks.”

There are three ways to participate in the program. OEM partners can deliver basic attribution to help their customers understand whether an attack is targeted or commodity. The partner’s solution queries the CrowdStrike API with supported indicators and/or submits a malware sample, and receives attribution information in return. Or, attribution data can be made available to the OEM partner’s solution to provide context and prioritization of targeted attacks. Content delivered to the customer includes both the adversary name and full profile details, including targeted sectors, exploits used and other trend data, under a license and revenue-sharing model.

A third option is for the OEM partner to certify the integration of CrowdStrike Intelligence into its solution for use with joint customers.

“In the fight against malicious actors, threat intelligence can be the difference between a massive breach and attempted attack,” said Peter George, president of General Dynamics Fidelis Cybersecurity Solutions, in a statement. “Customers will be better able to protect their systems with the increased scope of intelligence we can provide as a result of our participation in the Intelligence Exchange. The integration through Fidelis XPS enables threat detection and remediation to be operationalized, with the new intelligence applied in real time.”

ForeScout Technologies and ThreatStream have in the meantime announced a partnership and plans to enable the ThreatStream OPTIC platform to interoperate with ForeScout’s CounterACT Platform.

ThreatStream OPTIC is a community-vetted cyber intelligence platform for enterprises and government agencies, which aggregates and analyzes indicators of compromise (IOCs). Once a new IOC is discovered, OPTIC categorizes it and ranks it for severity and relevance, using data analytics to identify relationships with known threats. The planned integration would enable CounterACT to obtain threat intelligence from ThreatStream and then apply a policy-based response to mitigate threats arising from suspicious endpoints, and possibly trigger other third-party controls.

The ForeScout CounterACT platform enables access control, mobile and BYOD security, endpoint compliance and threat management.

“The ThreatStream community-vetted approach to threat intelligence adds another layer of context to enhance ForeScout CounterACT’s controls, and facilitates policy-based response to help our customers take more informed and timely actions to cyber threats,” said Sam Davis, vice president of business development at ThreatStream, in a statement. “Because of this, joining ForeScout’s ControlFabric partner ecosystem was a logical choice. The planned interoperability provides a proven, open and holistic approach to next-generation network security.”