In this blog post, we look at what our members have been saying, through guest blogs and profiles in CTA’s quarterly newsletter, about how we are delivering on the core aspects of our mission: protecting end users, disrupting malicious actors, and elevating overall security.
The CTA community knows that we are stronger together. Read on to find out why.
“Our strength comes in our numbers. That’s why we take our participation in CTA so seriously. It’s why we contribute the threat intelligence that we do and why we have a roadmap for improving the information we share with other members.” — Scott Lambert, VP Threat Intelligence, ReversingLabs
CTA’s core value proposition of threat intelligence sharing comes in two distinct flavors: automated sharing of STIX-based threat intelligence through our cutting-edge platform, and human-to-human sharing and engagement within CTA’s trusted community.
With respect to our automated sharing, CTA’s geographically diverse and inclusive approach where all members sit on a level playing field is a major value-add, according to Sheba Grace, Vice President of India-based K7 Computing, in that it allows K7 to access data from a wide variety of world-leading cybersecurity providers and to “place the quality of [K7’s] intelligence in a global context.” As the size of our membership continues to grow and the capabilities of CTA’s automated sharing platform, Magellan, continue to mature, the defensive value of such diverse data to our members is only going to grow.
The value of our early sharing program, according to Ryan Olson, VP Threat Intelligence at Palo Alto Networks’ Unit 42, comes about in large part because “having access to a CTA member’s threat research before it’s published gives everyone an opportunity to confirm protections for their customers are in place as quickly as possible.” However, human-speed engagement among CTA’s members goes beyond early sharing and associated validation, since member researchers can also pose questions and engage in discussions around hot topics and emerging threats, both in real time during CTA committee meetings and asynchronously through our Webex channels.
“The threat intelligence collaboration NTT enjoys with our CTA partners serves as a force multiplier … [so] we can act faster and more effectively to minimize harm to our clients.” — Mark Thomas, Senior Threat Intelligence Director, NTT Ltd.
Part of the rationale behind creating CTA, according to Derek Manky, Chief of Security Insights and Global Threat Alliances at Fortinet’s FortiGuard Labs, emerged from an awareness that “adversaries were forming their own cyber ecosystems … [so] defenders needed to organize … to keep up.”
Whereas previously, individual organizations were forced to confront cyber adversaries either individually or through ad hoc partnerships, CTA has made it possible for the industry to start “taking the fight beyond just analyzing and blocking … attacks,” to a point where CTA members can work collaboratively to support and directly engage in threat disruption activities. In particular, notes Jen Miller-Osborn, co-creator of the MITRE ATT&CK framework and Deputy Director of Threat Intelligence at Palo Alto Network’s Unit 42, CTA’s Algorithm and Intelligence Committee, which serves as the collaborative hub for members’ threat researchers within CTA and supervises our early sharing program, is “one of the more active communities in this space, even offline, in terms of reaching out and sharing. It’s a win-win situation all around.”
“CTA is the best collaborative platform out there in the private sector. I’ve been involved in other collaborative groups that have members in common with CTA and when those groups ask, ‘How do we improve?’ people often say, ‘Be more like CTA.’” — Imelda Flores, Head of SCILabs, Scitum (Cybersecurity Division of Telmex)
Both internally and in coordination with members and partners, CTA works to support, develop, and promote initiatives, policies, and programs of work that raise the level of security and resilience across the global digital ecosystem. For example, in early 2021 CTA released policy guidance for governments on how to more safely handle and disclose high-risk vulnerabilities, and co-sponsored a paper from one of our members, SecurityScorecard, advocating for a more sophisticated and robust approach to private sector cyber-risk disclosures. This kind of work helps to drive recognition of CTA across the industry as a thought-leader not only in terms of our innovation around information sharing and threat disruption, but also around out work to advance the state of cybersecurity more broadly.
CTA’s engagement in initiatives such as the World Economic Forum’s Partnership Against Cybercrime and the Ransomware Task Force recently established by the Institute for Security & Technology are also, according to Derek Manky, “a logical next step for CTA and a logical next step in the fight against cybercrime.” Moreover, when CTA stands up and engages across the cybersecurity ecosystem, we do so not only on behalf of our members, but the cybersecurity industry as a whole.
CTA and the cybersecurity industry as a whole is stronger when we stand and work together. To learn more about CTA membership, contact us today.