Getting to Know CTA — Part 2: Stronger Security for (Your) Customers

The Cyber Threat Alliance (CTA) recently published our Solutions Fact Sheet, which details for prospective members and other interested parties the many ways in which CTA membership generates mutual value. In this series of blog posts, we will explore in greater depth these various use cases and the common themes that tie them together.


By sharing relevant, timely, and actionable threat intelligence through the Cyber Threat Alliance (CTA), our members can gain access to new or enriched data, as well as early access to blog posts or research on malicious activity. Access to this diverse and rich data allows members to validate and build upon their existing threat intelligence and threat intelligence drawn from other sources, optimizing their prevention and detection capabilities to better protect customers.
CTA members are industry leaders, showcasing their commitment to the mission and vision of CTA and to the broader goal of securing our digital ecosystem. Our focus on sharing context allows members to achieve a clearer view over the threat landscape, with visibility from around the globe and across industries.


When an organization becomes a member of CTA, they are demonstrating confidence to key stakeholders in the unique value of their data and the quality of their research teams.
Our members commit to sharing threat data in order to make our global digital ecosystem safer. The cybersecurity industry should focus its competition on high value activities like intelligence, analysis, and prevention, where threat data like IOCs and associated technical context is a shared input, if we want to see stronger security across the board.


Each of the over one-million observables submitted to our platform each week is accompanied by key pieces of required contextual information. In addition, members may include optional additional context within their submissions.
This accompanying contextual information allows members to build a deeper understanding of the malicious activity that they observe. “Who, what, where, when, and why?” are all questions that are more easily answered thanks to this more complete picture. Insights from CTA data can help to prioritize the development of protections based on a detailed understanding of threats and associated risks.


All CTA members — cybersecurity providers, MSSPs, platforms, ISPs, telcos, etc. — have unique points of view over the threat landscape. Our members also have distinct strengths in terms of geographic coverage over a range of regional markets around the world.
This wide spread of coverage allows them to target the development of protections for customers across different countries and continents. By sharing this information, our members can broaden their visibility and impose greater costs on adversaries.


By participating in CTA, our members help to make the digital ecosystem more secure and end-users safer. We believe that this commitment is worth making for organizations that produce and consume cyber threat intelligence.
In our final blog in this series, we will dive deeper into how the CTA sharing model enables our members to develop more granular and actionable insights into patterns of malicious activity. To read the first blog in this series, on CTA as a nexus for expert practitioners, click here.

Author: Jeannette Jarvis