By Victor Acin (Blueliv Labs Manager)
Where do you get your cybersecurity news from? If you are a cybersecurity vendor, your news feed is a great way to find outdated threat information, after an attack has already happened. But, if your mission is to defend the digital ecosystem, critical infrastructure, as well as your customers, it is time to play an active role in the community.
At Cyber Threat Alliance (CTA), that means partnering up with other experts, and industry leaders, even your competitors, for the greater good. In return, CTA facilitates the exchange of actionable threat intelligence, improving the efficiency of your investigations, and ultimately, improving the defenses of your customers.
How Blueliv uses CTA to work smarter
Blueliv, an Outpost24 company, has been an active contributor on CTA’s exchange platform since joining in 2021. Today, we analyze tens of thousands of malware samples daily in our sandbox. We use CTA as a critical source of these malware investigations, in combination with our crawlers, honeypots, and other partnerships. From these, thousands of samples unique to Blueliv, results of our own investigations, are then shared with the CTA community on a daily basis.
With the standardized use of STIX 2.0 format in place, sharing data to and from the CTA community plugs seamlessly into our threat intelligence platform. The scoring system curates the most relevant data for us, and our customers, in real-time. This relevance-based system aligns with the unique benefit of our products – reducing information overload, and delivering the risks that are most relevant to our customers.
Collaborating beyond CTA
In today’s threat landscape, it is more important than ever to join forces in the fight against cybercrime. Beyond our CTA partnership, we collaborate with VirusTotal to classify suspicious URLs.
Outside of these external partnerships, we maintain our own hub for sharing threat intelligence, the Blueliv Threat Exchange Network. We encourage researchers and cyber security professionals to join, contribute, and connect with the Blueliv team for further collaborations.
Finally, beyond the cybersecurity community, we are actively raising awareness, for both businesses, and consumers. We are regularly publishing our research findings, highlighting the latest developments in cybercrime, and the best practices to stay protected as the threats continue to evolve. No contribution is too small when it comes to defending the digital ecosystem.
Information exchange is not only the future of threat intelligence, but for cybersecurity. This is a core value for the Outpost24 group in 2023, and beyond.