Threat Intelligence

8/4/2017
01:20 PM
Dark Reading
Products and Releases

AlienVault Updates OTX Community for Threat Intelligence Sharing, Detection and Response

LAS VEGAS, NV--(Marketwired - Jul 25, 2017) - At Black Hat USA 2017, AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence, announced that its Open Threat Exchange® (OTX™) -- the world's first truly open threat intelligence community -- has grown to more than 65,000 participants, a 20 percent quarter-on-quarter growth, sharing more than 14 million pieces of threat data daily.

OTX has democratized the threat intelligence market -- any OTX participant can easily contribute and consume threat information for free. It is open security for all, powered by the community. To build on OTX successes, AlienVault is introducing several new features to AlienVault OTX™, including Groups, Adversary Pages, and Easy Pulse Creation Tools, in addition to adding several new standardized data formats to the OTX environment: STIX, TAXII, and YARA. AlienVault USM Anywhere™ users will soon be able to enjoy deeper threat analysis and tighter integration with OTX through a new threat intelligence framework, helping resource-constrained security teams to automate and orchestrate their threat detection and incident response activities. Armed with these new features, OTX members will be able to more readily identify and respond to threats and indicators of attack, and take steps to protect their environments before they're at risk.

"AlienVault OTX proves that the most powerful tool in the fight against cybercrime is community collaboration," Jaime Blasco, Vice President and Chief Scientist at AlienVault said. "And we have the best community online. Our OTX enhancements will provide our users with the tools they need to share the most recent threat intelligence they have on the most complex adversaries in the industry faster than ever before. In return, they get the most relevant and timely threat indicators they need to protect their environment for free."

New OTX Enhancements Enable Collaboration & Threat Response

  • Easy Pulse Creation Tools - AlienVault rebuilt the way participants can create pulses, a summary of threats, software targets, and related indicators of compromise (IOC), to better assess the risk their environment is exposed to. With Easy Pulse Creation Tools, users can now bulk-edit pulses and get feedback on which indicators were whitelisted.
  • Adversary Pages - Adversary Pages compile threat information on specific threat actors and groups, and feature all related pulses and available Malware Information Sharing Platforms (MISP) project descriptions, giving users quick and easy access to the relevant threat information they need to further investigate possible threats in their own environment.
  • Groups - Groups brings security researchers and practitioners together to provide users with either a public or private community forum to discuss recent trends in attack methods, threat intelligence tips, and more with information relevant to their industry.
  • New Standards Support - OTX now supports new standardized data formats and protocols commonly used by Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), including STIX™ and TAXII™, enabling them to leverage OTX to curate and share threat intelligence relevant to their members. 
  • YARA Rules - Newly added support for YARA rules, including an easy-to-use YARA rule builder, makes writing rules faster and less prone to errors. Anyone who contributes threat information to OTX can also build a YARA rule with that same information -- boosting everyone's overall security posture and making it easier and faster to consume actionable threat intelligence.

These updates come at a critical time as more and more companies find themselves exposed to fast-acting and damaging ransomware attacks. OTX is a proven tool to keep up with these threats. In fact, OTX identified indicators of compromise and issued protections against the Petya ransomware within the first two hours of its initial attack. In addition to its rapid response to Petya, AlienVault researchers also managed to add coverage for the EternalBlue exploit 18 days before the WannaCry ransomware hit the internet.

OTX Users Prioritize Threats & Focus on What Matters Most

"The information in OTX helps me to effectively prioritize threats from high to low. That in turn allows me to spend more time analyzing events that are deemed higher priority. It's also educating me about what kind of threats security professionals are observing around the world. Many of the actual alerts OTX is sending allow me to also take preventative measures. Even if I haven't seen any of the traffic, I am able to look at what malicious actors are doing, and then actually block malicious IP addresses," said Jeff Dalton, Information Security Officer, Bank of Marin.

"I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications provide me with a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time. The community support is a great reference for smaller IT departments like mine that have limited resources to stay up to date with emerging threats," said James Ellsworth, IT Technician, Sierra Gold Nursery.
