Early Sharing: Timely Collaboration for Stronger Cybersecurity Defense

At the heart of the Cyber Threat Alliance (CTA) is a commitment to improve cybersecurity defenses across the global information ecosystem. Our sharing of automated threat intelligence and collective engagement on unique cyber threats are critical aspects of this mission. Over time, CTA’s early sharing program has grown to be another valuable and important part of our work.

Our early sharing initiative allows members to share critical defensive information with one another through CTA in advance of public release. This sharing can involve the distribution of analysis, blog posts, research findings, and samples related to malicious cyber activity. Critically, it allows members to prepare defenses based on new, sensitive information ahead of time, rather than leaving them scrambling to protect customers after reports are made public.

The growth of this CTA program has contributed to a higher overall level of protection across the industry. We typically see between 2 and 4 early shares per week from our members, and have had over 215 early shares from CTA members since we began this program in May 2018 with Cisco’s sharing of VPNFilter. This rate of sharing and a corresponding growth in its depth and scope are a reflection of the growing mutual trust among our members that we have worked hard to cultivate and maintain.

This program now forms a crucial part of CTA’s day-to-day operations, and our members recognize and appreciate it. We regularly solicit feedback through membership-wide questionnaires covering the full range of CTA’s activities. Almost all respondents to our most recent survey from December 2019 highlighted the early sharing program as a significant benefit of membership. Such unanimity, given the diversity of our membership in terms of geography, scale, and industry verticals, further strengthens our confidence in the value of this program.

Our early sharing activities cover the full scope of cyber threats. This routine engagement builds CTA’s muscle memory to facilitate effective industry responses to significant cyber incidents. Members are able to leverage their data, analysis, and cybersecurity products to expose malicious activity more widely, prevent additional harm, and mitigate the activity’s effects more rapidly.

Given the importance of breadth and diversity to the success of this program, we ensure that all CTA members can access and contribute to this collective resource. Our Algorithm and Intelligence Committee manages this program, which allows representation from every CTA member regardless of their membership level. Members retain control over their analysis and can place embargos as needed on what they choose to share. This program relies on the trust, goodwill, and confidence of CTA members. We are grateful for their active participation in this program and we know that its success reflects the belief of CTA members in our collective mission.

To prospective members, we welcome any questions on what this program could do for your company. Reach out to us through this form for more information on this program and membership in general.

Author: Neil Jenkins

As Chief Analytic Officer, Neil leads CTA’s analytic efforts, focusing on the development of threat profiles, adversary playbooks, and other analysis using the threat intelligence in the CTA Platform. Previously, he served in various roles within the Department of Homeland Security, Department of Defense, and Center for Naval Analyses, where he spearheaded numerous initiatives tied to cybersecurity strategy, policy, and operational planning for both the public and private sectors.