Attacks/Breaches
2/21/2014
03:43 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

IID Launches ActiveTrust Cyber Threat Sharing And Collaboration Network

Dozens of Major Enterprises and Government Agencies Quickly Adopt Platform to Control and Coordinate the Latest Cybersecurity Intelligence

TACOMA, Wash.– February 11, 2014 – IID, securing the Internet with shared cyber intelligence, today announced the general availability of ActiveTrust--the platform government agencies and enterprises are leveraging to confidently exchange threat intelligence and coordinate response between organizations. ActiveTrust accelerates big collaboration for actionable security intelligence by giving organizations a better way to get the security information they need; creating a dynamic, aligned and private community of security peers.

The ActiveTrust platform consists of three elements: a controlled intelligence exchange so participants can confidently share the latest threat information; a robust data layer for fast integration of feeds, apps, analytics and services; and a broad-based social collaboration network for coordination and insight between organizations. Dozens of Fortune 500 companies and U.S. government agencies are already benefitting from ActiveTrust's hundreds of contributing sources to power their existing security infrastructure, helping them stay ahead of--and take action against--the latest cyberthreats. This collaborative approach means enterprises and government agencies can increase the scope, quality and timeliness of their cybersecurity efforts, while freeing up valuable human resources.

"Much like cybercriminals have leveraged intelligence exchanges to carry out their attacks, ActiveTrust provides the 'good guys' with their own sharing networks to gather information vital to fending off attacks," said IID CEO Lars Harvey. "IID has spent more than ten years making connections between organizations to secure their networks, so it's only logical that we are launching a threat exchange platform that makes it faster, easier and more efficient than ever for organizations to identity and defend themselves against cyberattacks."

The ActiveTrust Platform allows:

Controlled Exchange

ActiveTrust members are prescreened and agree to a common set of rules for confidentiality and information usage--enabling everyone to exchange intelligence with confidence. The threat exchange platform includes robust data governance controls, so members can dictate what, where, when and with whom they share--even anonymously.

Efficient Intelligence Delivery

ActiveTrust takes disparate sources of data in various formats and standardizes it, offloading the work needed to translate data and making the intelligence instantly actionable. By plugging actionable data into whatever gear organizations have, every existing security investment becomes more valuable and powerful.

Broad-Based Collaboration Made Easy

Participation in ActiveTrust gives security professionals instant access to a wealth of data from an unprecedented breadth of allies and peers in the security ecosystem. As importantly, ActiveTrust members have the ability to share insights and discuss best practices through various features on ActiveTrust's social network, Hub.

Despite the growing danger posed by cybercrime, information vital to stemming the tide has been highly fragmented until ActiveTrust. Pockets of data about threat activity have been siloed within the repositories of individual enterprises, government organizations, vendor networks and research institutions. Furthermore, traditionally, threats have been shared between organizations and peers via email. But prognostications, with IID leading the way, have this approach changing.

Craig Lawson and Rob McMillan from Gartner, Inc., the world's leading information technology research and advisory company, wrote in the "Technology Overview for Machine-Readable Threat Intelligence" report; "By year-end 2016, 'threat intelligence broker' offerings will emerge, providing machine-readable threat intelligence from multiple sources to an array of technical security controls, independent of vendor."

For more details about ActiveTrust, go to www.internetidentity.com/activetrust/ and www.internetidentity.com/activetrust-hub/.

About IID

IID is a cybersecurity company that provides the platform to easily exchange cyber threat intelligence between enterprises and governments. Top financial firms, the largest government agencies, and leading e-commerce companies, social networks and ISPs leverage IID to detect and mitigate threats. IID was founded in 1996. The company is headquartered in Tacoma, Washington. For more information about IID, go to www.internetidentity.com.

###

Andrew Goss | Program Director

VOXUS PR for IID

agoss@voxuspr.com

o: 253.444.5446

m: 206.909.9212

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.