Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/24/2014
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FS-ISAC And DTCC Announce Soltra, A Strategic Partnership To Improve Cyber Security Capabilities And Resilience Of Critical Infrastructure Organizations Worldwide

Company to Standardize and Automate Cyber Threat Intelligence Distribution, Increase Systemic Resiliency to Risks and Threats

New York and Reston, VA – SEPTEMBER 24, 2014 -- The Financial Services Information Sharing and Analysis Center (FS-ISAC), an organization focused on sharing critical cyber security threat information worldwide, and The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, today announced the formation of a strategic joint venture to develop and market automation solutions that advance cyber security capabilities and the resilience of critical infrastructure organizations, including financial services firms and others worldwide.

The joint venture, named Soltra(TM), has been established to deliver software automation and services that collect, distill and speed the transfer of threat intelligence from a myriad of sources to help safeguard against cyber attacks. Soltra leverages FS-ISAC’s 14 years of information-sharing and analysis for critical infrastructure as well as DTCC’s expertise in high-scale, high-reliability, critical infrastructure for data processing. A true cross-industry initiative, over 125 FS-ISAC members and representatives from other critical sectors, government entities and the private sector contributed to the requirements, architecture and design of Soltra’s automation software, the Soltra Edge(TM) solution.

Soltra to Create Solution To Deliver Actionable Intelligence

Named after one of the best-known medieval beacon fire networks in Europe that warned of invaders, Soltra Edge will connect and streamline the flow of threat intelligence between communities, people, and devices by processing large amounts of threat data, improving efficiencies and enabling immediate action to counter the threat and mitigate risk.  Soltra Edge is currently being tested by users and will be generally available in late 2014.

The solution has been designed to scale to support thousands of organizations and distill large amounts of data into actionable intelligence that is easy to understand and use. It leverages open standards including Structured Threat Information eXpression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™). The solution will include the platform, infrastructure and ecosystem to help individual organizations of all sizes, other Information Sharing and Analysis Centers (ISACs), Computer Emergency Response Teams (CERTs), industry bodies and private sector vendors to come together to streamline threat information sharing using STIX and TAXII.

“Today, most cyber threat information is provided manually to users from various, unconnected industry sources. Because of this, on average, it can take firms seven hours to evaluate each threat,” states Mark Clancy, CEO of Soltra, CISO of DTCC and Board Member of FS-ISAC. “With Soltra Edge, one organization’s incident becomes everyone’s defense. The solution will enable clients to send, receive, and store cyber security threat intelligence in a streamlined and automated format, enabling these firms to deploy safeguards against a potential cyber attack.”

“As a joint venture, Soltra has assembled a world-class team and support from some of the most respected companies in the world in order to architect and build a solution for tomorrow’s information sharing,” says Bill Nelson, president of Soltra and president and CEO of FS-ISAC. “Today’s threat intelligence sharing must occur at network speeds. It needs to reduce the workload for security analysts and for smaller organizations. It needs to be available for all critical sectors in order to share information within each sector and also cross-sector to increase resiliency from cyber threats.”

“We believe that combating cyber threats requires partnering across companies and industries—that we are all in this together,” said Sean Franklin, Vice President of Cyber Intelligence, American Express Company and Board Member of FS-ISAC.  “Automating the exchange of threat information will play a vital role in creating a robust community defense strategy that benefits participating members.”

 

About DTCC

With over 40 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities, data centers and offices in 15 countries, DTCC, through its subsidiaries, automates, centralizes, and standardizes the post-trade processing of financial transactions, mitigating risk, increasing transparency and driving efficiency for thousands of broker/dealers, custodian banks and asset managers worldwide. User owned and industry governed, the firm simplifies the complexities of clearing, settlement, asset servicing, data management and information services across asset classes, bringing increased security and soundness to the financial markets. In 2013, DTCC’s subsidiaries processed securities transactions valued at approximately US$1.6 quadrillion. Its depository provides custody and asset servicing for securities issues from 139 countries and territories valued at US$43 trillion. DTCC’s global trade repository processes tens of millions of submissions per week. To learn more, please visit dtcc.com, or follow us on Twitter: @The_DTCC

 

About FS-ISAC

 

The Financial Services Information Sharing and Analysis Center, formed in 1999, is a member-owned non-profit and private financial sector initiative. It was designed and developed by its member institutions. Its primary function is to share timely, relevant and actionable physical and cyber security threat and incident information to enhance the ability of the financial services sector to prepare for, respond to, and mitigate the risk associated with these threats. Constantly gathering reliable and timely information between its members, and from financial services providers, commercial security firms, government agencies, law enforcement and other trusted resources, the FS-ISAC is uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information. This information includes analysis and recommended solutions from leading industry experts. Please visit our website (www.fsisac.com) for additional information.

 

 

# # #

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18885
PUBLISHED: 2019-11-14
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVE-2019-18895
PUBLISHED: 2019-11-14
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
CVE-2019-18957
PUBLISHED: 2019-11-14
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.