Attacks/Breaches
2/21/2014
03:43 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

IID Launches ActiveTrust Cyber Threat Sharing And Collaboration Network

Dozens of Major Enterprises and Government Agencies Quickly Adopt Platform to Control and Coordinate the Latest Cybersecurity Intelligence

TACOMA, Wash.– February 11, 2014 – IID, securing the Internet with shared cyber intelligence, today announced the general availability of ActiveTrust--the platform government agencies and enterprises are leveraging to confidently exchange threat intelligence and coordinate response between organizations. ActiveTrust accelerates big collaboration for actionable security intelligence by giving organizations a better way to get the security information they need; creating a dynamic, aligned and private community of security peers.

The ActiveTrust platform consists of three elements: a controlled intelligence exchange so participants can confidently share the latest threat information; a robust data layer for fast integration of feeds, apps, analytics and services; and a broad-based social collaboration network for coordination and insight between organizations. Dozens of Fortune 500 companies and U.S. government agencies are already benefitting from ActiveTrust's hundreds of contributing sources to power their existing security infrastructure, helping them stay ahead of--and take action against--the latest cyberthreats. This collaborative approach means enterprises and government agencies can increase the scope, quality and timeliness of their cybersecurity efforts, while freeing up valuable human resources.

"Much like cybercriminals have leveraged intelligence exchanges to carry out their attacks, ActiveTrust provides the 'good guys' with their own sharing networks to gather information vital to fending off attacks," said IID CEO Lars Harvey. "IID has spent more than ten years making connections between organizations to secure their networks, so it's only logical that we are launching a threat exchange platform that makes it faster, easier and more efficient than ever for organizations to identity and defend themselves against cyberattacks."

The ActiveTrust Platform allows:

Controlled Exchange

ActiveTrust members are prescreened and agree to a common set of rules for confidentiality and information usage--enabling everyone to exchange intelligence with confidence. The threat exchange platform includes robust data governance controls, so members can dictate what, where, when and with whom they share--even anonymously.

Efficient Intelligence Delivery

ActiveTrust takes disparate sources of data in various formats and standardizes it, offloading the work needed to translate data and making the intelligence instantly actionable. By plugging actionable data into whatever gear organizations have, every existing security investment becomes more valuable and powerful.

Broad-Based Collaboration Made Easy

Participation in ActiveTrust gives security professionals instant access to a wealth of data from an unprecedented breadth of allies and peers in the security ecosystem. As importantly, ActiveTrust members have the ability to share insights and discuss best practices through various features on ActiveTrust's social network, Hub.

Despite the growing danger posed by cybercrime, information vital to stemming the tide has been highly fragmented until ActiveTrust. Pockets of data about threat activity have been siloed within the repositories of individual enterprises, government organizations, vendor networks and research institutions. Furthermore, traditionally, threats have been shared between organizations and peers via email. But prognostications, with IID leading the way, have this approach changing.

Craig Lawson and Rob McMillan from Gartner, Inc., the world's leading information technology research and advisory company, wrote in the "Technology Overview for Machine-Readable Threat Intelligence" report; "By year-end 2016, 'threat intelligence broker' offerings will emerge, providing machine-readable threat intelligence from multiple sources to an array of technical security controls, independent of vendor."

For more details about ActiveTrust, go to www.internetidentity.com/activetrust/ and www.internetidentity.com/activetrust-hub/.

About IID

IID is a cybersecurity company that provides the platform to easily exchange cyber threat intelligence between enterprises and governments. Top financial firms, the largest government agencies, and leading e-commerce companies, social networks and ISPs leverage IID to detect and mitigate threats. IID was founded in 1996. The company is headquartered in Tacoma, Washington. For more information about IID, go to www.internetidentity.com.

###

Andrew Goss | Program Director

VOXUS PR for IID

agoss@voxuspr.com

o: 253.444.5446

m: 206.909.9212

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.