Cyber Threat Alliance, a group meant to help some of the world's leading security companies share information, announced that former White House cybersecurity coordinator Michael Daniel will be its first president. The organization also finalized its not-for-profit status, added two new members, and revealed a data-sharing platform that should allow its members to respond to threats more quickly. (Or at least that's what the companies hope.)
Fortinet and Palo Alto Networks formed the alliance in May 2014. McAfee (now Intel Security) and Symantec joined as "founding members" that September. Now, those companies have been joined by Cisco and Check Point--along with contributing members ReversingLabs, Telefónica, Zscaler, and Barracuda Networks--in their mission to create a platform through which they can share information about notable threats as they're discovered.
Here's how the group described the platform in its announcement:
With co-development from its six founding Members over the past year, the new CTA platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence. The platform better organizes and structures threat information into Adversary Playbooks, pulling everything related to a specific attack campaign together in one place to increase the contextual value, quality and usability of the data. This innovative approach turns abstract threat intelligence into actionable real-world protections, enabling Members to speed up information analysis and deployment of the intelligence into their respective products.
Cyber Threat Alliance became a not-for-profit in January 2017, named Daniel as its president in February, and created a board of directors consisting of executives from its six founding members. The group said all these changes signify "the commitment by industry leaders to work together to determine the most effective methods for sharing automated, rich threat data and to make united progress in the fight against sophisticated cyber attacks."
Daniel is an odd choice for Cyber Threat Alliance president. His appointment as the White House's cybersecurity coordinator drew ire from the security community after he revealed that he had little technical knowledge and claimed that would actually help him do his job. His appointment suggests that the Cyber Threat Alliance is more interested in having someone with leadership experience and name recognition than with a more hands-on leader.
Still, helping companies share threat information will probably be a good thing no matter who's at the helm. That's why AT&T, IBM, and other companies formed the IoT Cybersecurity Alliance in early February, for example, and why others have called for companies to be more transparent with the problems they face. Threats rarely affect just one company; sharing expertise should help improve the security of everyone who goes online.