Former White House Cybersecurity Leader Joins CTA to Drive Alliance Mission of Improving Global Defenses Against Cyber Adversaries; Six Industry Leaders Collaborate on Automated Threat Intelligence Sharing Platform

San Francisco, Calif. – RSA Conference 2017 – February 14, 2017 – The Cyber Threat Alliance (CTA) today announced the appointment of Michael Daniel as the organization’s first president and its formal incorporation as a not-for-profit entity. Additionally, founding Members Fortinet® (NASDAQ: FTNT), Intel Security, Palo Alto Networks (NYSE: PANW), and Symantec (NASDAQ: SYMC) today announced the addition of Check Point® Software Technologies Ltd. (NASDAQ: CHKP) and Cisco (NASDAQ: CSCO) as new alliance founding Members. Together, the six founding Members have contributed to the development of a new, automated threat intelligence sharing platform to exchange actionable threat data, further driving the CTA’s mission of a coordinated effort against cyber adversaries.

News Summary

  • The CTA incorporated as a not-for-profit in January 2017 and appointed Michael Daniel as its first President in February. Daniel was formerly Special Assistant to the President and Cybersecurity Coordinator for the White House.
  • The CTA has expanded to include Check Point Software Technologies and Cisco as new founding Members who joined pre-incorporation.
  • The CTA’s inaugural Board of Directors includes the CEOs and senior leadership of six major cybersecurity vendors: Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec.
  • The CTA outlines its corporate purpose as a not-for-profit: to share threat information in order to improve defenses against cyber adversaries across member organizations and protect customers; to advance the cybersecurity of critical IT infrastructures; and to increase the security, availability, integrity and efficiency of information systems.
  • The first CTA project as a standalone entity is the development and rollout of a new, automated threat intelligence-sharing platform that enables Members to integrate real-time, actionable intelligence into their products to better protect global customers.
  • In addition to expanding its founding Members, the CTA has added new affiliate Members, including IntSights, Rapid7 and RSA, who join existing Members Eleven Paths and ReversingLabs.

CTA Formalizes as an Independent Not-for-Profit Entity

Founded and actively sharing threat intelligence since 2014, the CTA has evolved to an independent organization with Michael Daniel as its President and a Board of Directors comprised of its six founding Members, Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec. Daniel brings extensive expertise to the CTA in developing strategic cyber partnerships and programs that span the private and public sector, as well as other nations to build the most effective security solutions. The CTA’s move to an incorporated entity signifies the commitment by industry leaders to work together to determine the most effective methods for sharing automated, rich threat data and to make united progress in the fight against sophisticated cyber attacks.
Since inception, the CTA has regularly exchanged information on botnets, mobile threats and indicators of compromise (IoCs) related to advanced persistent threats (APTs), and advanced malware samples. Notable milestones of the CTA’s cooperative efforts cracked the code on CryptoWall version 3, one of the most lucrative ransomware families in the world, totaling more than US $325 million ransomed. The CTA’s research and findings pushed cybercriminals to develop CryptoWall version 4, which the CTA also uncovered and resulted in a much less successful attack, validating the power of the CTA’s cooperative threat intelligence sharing.
These coordinated efforts demonstrate that all Members of the CTA believe in protecting the common good of the Internet by sharing intelligence to combat sophisticated global cyberattacks. By bringing together industry competitors contributing their unique threat insights, the CTA builds a comprehensive view of important threat actors. With enriched understanding and enhanced protections against global attacks, members can better protect customers in real time and prioritize resources based on collective knowledge.

Information Sharing Platform Automates Collaboration on Contextual Threat Intelligence

With co-development from its six founding Members over the past year, the new CTA platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence. The platform better organizes and structures threat information into Adversary Playbooks, pulling everything related to a specific attack campaign together in one place to increase the contextual value, quality and usability of the data. This innovative approach turns abstract threat intelligence into actionable real-world protections, enabling Members to speed up information analysis and deployment of the intelligence into their respective products.
To foster continued collaboration and incentivize meaningful threat data, the new CTA platform requires Members to automate their intelligence sharing contributions, meet a minimum contribution every day, and rewards contextualized, unique intelligence. Members will eventually be rewarded with greater levels of access based on the value and volume of the information they have contributed.
In addition to its core mission of coordinated information sharing, the CTA is also the first industry trade association designed by and exclusively for cybersecurity practitioners. Representing the collective voice of industry leaders, the CTA is committed to help shape industry best practices and continue to ensure that the most effective security is being delivered for individual customers and organizations around the world.

Supporting Quotes

“The future of cyber security is here. The CTA collaboration will enable us to accelerate the pace of innovation as we work to protect the cloud, mobile and provide the best means for advanced threat prevention. ”
Gil Shwed, founder and CEO, Check Point

“The CTA lets us better take the fight to the bad guys for the common good of the internet. Working together, we complete the bigger picture of what we know about important attacks giving us better protections against both large, global attackers and even more discrete, targeted threats. The CTA is a win for the good guys and a setback for attackers.”
Marty Roesch, chief architect, Cisco Security

“As a founding Member of the Cyber Threat Alliance, we strongly believe in this next level of commitment to help deliver automated, comprehensive threat intelligence to our global customers and all organizations. The CTA becoming a standalone organization signifies that the cybersecurity industry holds a collective responsibility to work together to prevent advanced, global cyber attacks by sharing meaningful threat findings. The best way to combat the negative impact of cybercriminals and best protect our customers is through cooperation and partnership based on actionable intelligence from diverse sources.”
Ken Xie, founder, chairman of the board and CEO, Fortinet

“We believe there is power in working together, as people, as products and as an industry. For the last three years, we have worked shoulder-to-shoulder with our Cyber Threat Alliance founding Members to share threat intelligence, build context around advanced threats, and provide our customers the benefits of our collective knowledge. This ongoing effort will help Intel Security customers build defenses that understand and counter complex attacks more quickly and effectively, throughout all stages of the threat defense lifecycle.”
Chris Young, SVP and GM, Intel Security Group, Intel Corporation

“As a founding Cyber Threat Alliance member since 2014 and consistent driver for automated threat intelligence sharing, Palo Alto Networks is pleased at the continued forward momentum toward collectively improving the industry’s defenses against advanced cyber adversaries. Our mission is to maintain trust in today’s digital world, and the collective intelligence from the Cyber Threat Alliance eco-system furthers our ability to enable our customers to successfully prevent cyber breaches.”
Mark McLaughlin, chairman and CEO at Palo Alto Networks

“Our greatest weapon in the defense against cyber attackers is the vast power of our combined data and insights. Possessing one of the world’s largest pools of threat data carries significant responsibility, and the CTA provides us with an important coordinating mechanism to enable rapid sharing of that threat intelligence with global businesses. In today’s hyper-connected world, a single piece of malware could cripple global economies or even put lives in danger. The technology investments we’re making as members of the alliance aims to strengthen the protection of people everywhere.”
Greg Clark, CEO Symantec

About the Cyber Threat Alliance

Co-founded by Check Point ® Software Technologies Ltd. (NASDAQ: CHKP), Cisco (NASDAQ: CSCO), Fortinet ® (NASDAQ: FTNT), Intel Security (formerly McAfee), Palo Alto Networks® (NYSE: PANW) and Symantec (NASDAQ: SYMC), the Cyber Threat Alliance is the industry’s first group of cybersecurity practitioners from organizations that work together in good faith to share threat information and improve global defenses against advanced cyber adversaries. The mission of the Cyber Threat Alliance is to raise the industry’s collective, actionable intelligence and situational awareness about sophisticated cyberthreats to improve defenses for its respective customer organizations. For more information about the Cyber Threat Alliance, please visit:

Back to News