Information sharing on cybersecurity is an increasing focus for the security community, vertical markets and the federal government, with much debate as to how to best architect systems for doing so. AlienVault is taking an unusual tack, and has announced the beta release of Open Threat Exchange (OTX) 2.0, a social media platform for the security community to share threat intelligence for collaborative cyber-defense.
OTX is a crowd-sourced threat intelligence-sharing system, with members so far contributing 1 million threat indicators per day. This second iteration represents a big shift from the traditional contribution-based model for sharing threat intelligence, and the company said that it hopes that building OTX 2.0 on a foundation of a social networking architecture will allow the OTX community—which has 26,000 participants—to actively discuss, explore, validate and share the latest threat data, trends, techniques and research.
“When we first released Open Threat Exchange, our goal was to deliver an open threat intelligence-sharing network that put effective security measures within the reach of all organizations,” said Barmak Meftah, president and CEO of AlienVault, in a statement. “As others in the industry have developed threat intelligence offerings that support that vision, our goal for OTX 2.0 is to move the needle on how threat intelligence data is shared, making it more collaborative and engaging in order to build a stronger security community working in unison to stop cyber-attacks.”
Over the last year, the company has also added to its OTX partner member program, which so far has 19 member companies. Partners use the AlienVault OTX API to interface directly with the platform. New members include: Bit9 + Carbon Black, Blueliv, Brinqa, Centripetal Networks, Columbus Business Solutions, Fujitsu SSL, Immediate Insight, NopSec, RiskSense, ThreatStream, T-Systems Austria and Ziften.
With the beta release of OTX 2.0, users can import and export indicators of compromise for security tools via the open API, as well as collaborate with researchers and other members of the security community. Users can also create or subscribe to an existing “Pulse,” an analysis of a particular threat that provides a summary of the impact, as well as get a view into the software targeted and related indicators of compromise used to detect threats.