Open Threat Exchange

Open Threat Exchange
Developer(s): AlienVault (now AT&T Cybersecurity)
Type: Security / SIEM
Website: cybersecurity.att.com/open-threat-exchange

Open Threat Exchange (OTX) is a crowd-sourced computer-security platform. [1] It has more than 180,000 participants in 140 countries who share more than 19 million potential threats daily. [2] It is free to use. [3]

Founded in 2012, [4] OTX was created and is run by AlienVault (now AT&T Cybersecurity), a developer of commercial and open source solutions to manage cyber attacks. [5] The collaborative threat exchange was created partly as a counterweight to criminal hackers successfully working together and sharing information about viruses, malware and other cyber attacks. [6]

Components

OTX is cloud-hosted. Information sharing covers a wide range of security issues, including viruses, malware, intrusion detection and firewalls. Its automated tools cleanse, aggregate, validate and publish data shared by participants. [4] The data is validated by the OTX platform and then stripped of information identifying the contributing participant. [6]

In 2015, OTX 2.0 added a social network which enables members to share, discuss and research security threats, including via a real-time threat feed. [7] Users can share the IP addresses or websites from which attacks originated, or look up a specific threat to see whether other participants have already reported it. [8]

Users can subscribe to a “Pulse,” an analysis of a specific threat, including its indicators of compromise (IoCs), impact, and the targeted software. Pulses can be exported as STIX, JSON, OpenIOC, MAEC and CSV, and can be used to automatically update local security products. [7] Users can up-vote and comment on specific pulses to help others identify the most important threats. [9]

OTX combines social contributions with automated machine-to-machine tools that integrate with major security products such as firewalls and perimeter security hardware. [8] The platform can read security reports in .pdf, .csv, .json and other open formats. Relevant information is extracted automatically, helping IT professionals analyze the data more readily. [8]

Specific OTX components include a dashboard showing the top malicious IPs around the world and allowing users to check the status of specific IPs; notifications should an organization's IP or domain be found in a hacker forum or blacklist, or be listed in OTX; and a feature to review log files to determine whether there has been communication with known malicious IPs. [6]
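The log-review feature described above amounts to matching local log lines against indicators shared through the platform. The following added example (not OTX's or AlienVault's own code) shows that check in Python: it loads a constructed, pulse-style JSON indicator list (the field names and indicator type names are assumptions, not OTX's documented export schema) and reports every constructed sample log line that touches a listed IP, network or domain.

```python
import ipaddress
import json
import re

# Constructed stand-in for a pulse JSON export; the "indicators" layout
# and type names are assumptions, not OTX's documented schema.
PULSE_JSON = json.dumps({"indicators": [
    {"type": "IPv4", "indicator": "203.0.113.7"},
    {"type": "CIDR", "indicator": "198.51.100.0/24"},
    {"type": "domain", "indicator": "bad.example"},
]})

# Constructed sample firewall and DNS log lines (RFC 5737 test addresses).
SAMPLE_LOGS = [
    "2015-07-28T10:01:02Z ALLOW src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2015-07-28T10:01:09Z ALLOW src=10.0.0.9 dst=192.0.2.10 dport=80",
    "2015-07-28T10:02:11Z DNS query=cdn.bad.example from=10.0.0.5",
    "2015-07-28T10:03:00Z ALLOW src=10.0.0.7 dst=198.51.100.42 dport=22",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def load_indicators(pulse_json):
    """Split pulse indicators into IP networks (a bare IP becomes a /32) and domains."""
    nets, domains = [], set()
    for ind in json.loads(pulse_json)["indicators"]:
        if ind["type"] in ("IPv4", "CIDR"):
            nets.append(ipaddress.ip_network(ind["indicator"], strict=False))
        elif ind["type"] in ("domain", "hostname"):
            domains.add(ind["indicator"].lower())
    return nets, domains

def scan_logs(lines, pulse_json):
    """Return (line_number, matched_value) for each log line that touches an indicator."""
    nets, domains = load_indicators(pulse_json)
    hits = []
    for n, line in enumerate(lines, 1):
        for raw in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:  # e.g. 999.1.1.1 looks like an IP but is not one
                continue
            if any(ip in net for net in nets):
                hits.append((n, raw))
        for host in HOST_RE.findall(line):
            host = host.lower()
            if any(host == d or host.endswith("." + d) for d in domains):  # subdomains count too
                hits.append((n, host))
    return hits
```

Feeding `scan_logs` real firewall or proxy logs and a real pulse export would require adapting `load_indicators` to the actual export schema.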

In 2016, AlienVault released a new version of OTX allowing participants to create private communities and discussion groups to share information on threats only within the group. The feature is intended to facilitate more in-depth discussions on specific threats, particular industries, and different regions of the world. Threat data from groups can also be distributed to subscribers of managed service providers using OTX. [10]

Technology

OTX is a big data platform that integrates natural language processing and machine learning to facilitate the collection and correlation of data from many sources, including third-party threat feeds, websites, external APIs and local agents. [11]

Partners

In 2015, AlienVault partnered with Intel to coordinate real-time threat information on OTX. [12] A similar deal with Hewlett Packard was announced the same year. [1]

Competitors

Both Facebook and IBM have threat exchange platforms. The Facebook ThreatExchange is in beta and requires an application or invitation to join. [13] IBM launched IBM X-Force Exchange in April 2015. [14]

References

  1. Raywood, Dan (24 April 2015). "HP partner with AlienVault on Cyber Threat-Sharing Initiative". ITPortal.com. Retrieved 8 November 2015.
  2. "The World's First Truly Open Threat Intelligence Community". AlienVault. Retrieved 6 May 2018.
  3. Morphy, Erika (29 July 2015). "AlienVault OTX: Shining a Light on Enterprise Security Threats". CMS Wire. Retrieved 14 December 2015.
  4. "AlienVault's Open Threat Exchange". InfoSecurity Magazine. 23 February 2012. Retrieved 13 December 2015.
  5. Miller, Ron (19 August 2015). "AlienVault Secures $52M Round With Eye Toward IPO". TechCrunch. Retrieved 8 November 2015.
  6. Khandelwal, Swati (14 July 2014). "Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange". The Hacker News. Retrieved 14 December 2015.
  7. Lennon, Mike (28 July 2015). "AlienVault Goes Live With Latest Open Threat Exchange". Security Week. Retrieved 13 December 2015.
  8. Miller, Ron (4 April 2015). "AlienVault Announces More Social Threat Exchange". TechCrunch. Retrieved 13 December 2015.
  9. Murphy, Ian (29 July 2015). "AlienVault looks to social threat intelligence". Enterprise Times. Retrieved 15 December 2015.
  10. Jaeger, Jaclyn (11 August 2016). "AlienVault unveils latest edition of Open Threat Exchange". Compliance Week. Retrieved 22 September 2016.
  11. Barker, Ian (August 2015). "Open Threat Exchange brings a community approach to fighting attacks". betanews. Retrieved 8 November 2015.
  12. Neal, David (13 May 2015). "Intel and AlienVault partner on real-time threat information sharing". The Inquirer. Archived from the original on 18 May 2015. Retrieved 8 November 2015.
  13. Jowitt, Tom (12 February 2015). "Facebook Unveils ThreatExchange Platform". TechWeek Europe. Retrieved 14 December 2015.
  14. Constantin, Lucian (16 April 2015). "IBM opens up its threat data as part of new security intelligence sharing platform". PC World. Retrieved 14 December 2015.