Written by Matt Watchinski, VP, Global Threat Intelligence Group, Talos, Cisco
Cisco Talos sets out every day to make the internet a safer place.
But we can’t always fight the good fight alone.
That’s why we are so proud of what we’ve accomplished with the Cyber Threat Alliance, which turns 5 years old today. We set out to co-create the CTA five years ago so that the largest cybersecurity companies in the world could coordinate and share vital information that can protect users across the globe.
The CTA allows us to share our intelligence ahead of publishing time — through automated means and early copies of security research — so that other organizations can craft detection and prevention for their customers, and vice-versa. This allows all of us to create a safer cyber space for all.
For example, when Talos researchers discovered that attackers were exploiting some well-known vulnerabilities in Microsoft Exchange Server to deliver the Babuk ransomware, we used the CTA to share our research with partners before we went public with that information. That gave other security company members like Palo Alto, Checkpoint and Fortinet time to process our research and make sure their customers were protected.
That way, they were a step ahead of the bad guys by the time we made our research public, and the attack surface for bad actors became that much smaller.
The same goes for Talos detection — when we receive intelligence via the CTA, we craft detection for Cisco Secure products and solutions so when partner companies publish their research our customers are already protected.
Outside of company security research, the CTA also offers member companies access to intelligence from U.S. government agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and other Information Sharing and Analysis Centers (ISACs) that may never make it out for public consumption.
We started the CTA with just a handful of partners. Today, there are 34 member organizations, who all share the same goal of protecting users everywhere and we continue to recruit additional members. While we all may be competitors at some level, what we have built over the last five years is an amazing amount of trust in the industry. Security isn’t an individual effort — it’s a team sport, and you must trust the person next to you to be an effective team.
That way, when large-scale security events like Log4j and NotPetya occur, the security community is ready with a coordinated response.
The CTA is also an outspoken proponent of global, coordinated response to cyber threats. As we wrote in a blog post earlier this year regarding ransomware attacks, “Both governments and the private sector will have many challenging moments as we move to combat these threats. Now more than ever, wisdom and level heads are needed to find the appropriate levers of government and the private sector, and to apply those levers effectively against the threat.” That is something we strive for every day with our CTA members in partnership with federal and global government agencies.
Talos is proud to continuously support the CTA and its information-sharing programs. If your organization is interested in becoming a member, visit https://www.cyberthreatalliance.org/membership.