London, New York and Reston, VA – NOVEMBER 4, 2014 – Soltra™, an FS-ISAC and DTCC joint venture created to help secure critical infrastructure entities from cyber threats, today announced the first industry-driven threat intelligence sharing solution, Soltra Edge™. Soltra Edge is a software solution designed to collect massive amounts of cyber threat intelligence from a variety of sources, convert it into standardized language and enable users to take immediate action.
Soltra Edge collects, standardizes and routes the flow of cyber threat intelligence between people, communities and devices. The basic version of Soltra Edge, which contains the features most needed by many organizations, will be available at no cost. Additional versions that support the requirements of larger entities will also be released. Soltra Edge leverages open standards, including Structured Threat Information eXpression (STIX™), which is a uniform format for the actual threat information, and Trusted Automated eXchange of Indicator Information (TAXII™), which is an open standards protocol for routing that threat information.
For example, a financial institution could use Soltra Edge to instantly import threat information from multiple sources, including threat intelligence vendors, FS-ISAC other Information Sharing and Analysis Centers (ISACs), Computer Emergency Response Teams (CERTs), industry bodies and private sector vendors, convert it automatically into STIX format, deduplicate the data, prioritize the most important intelligence and then route that to a security device that supports STIX and TAXII in order to block a suspected threat on a corporate network, all in a matter of seconds. Each entity using Soltra Edge maintains its own data, sets its own security controls for the type of information shared and manages its own sharing relationships with other entities.
Soltra Edge represents a cross-industry initiative, with over 150 FS-ISAC members, as well as representatives from other critical sectors and ISACs, government entities and the private sector, contributing to the requirements, architecture and design of the service. Soltra Edge has 45 companies piloting the solution. Soltra Edge leverages best practices established over the past 14 years for sharing information within and between industry sectors.
“Soltra Edge will provide companies with stronger safeguards to protect against cyber attacks. In the current environment, cyber attackers can use a few hundred dollars worth of software and the power of cloud computing to launch attacks that require exponential resources to defend and mitigate,” said Mark Clancy, CEO of Soltra, CISO of DTCC and Board Member of FS-ISAC. “Soltra Edge is a dynamic, new approach that enables companies across the globe to quickly share threat intelligence and substantially reduce the cost and effort to defend critical technology systems.”
“We need to re-imagine cyber security and get beyond a silo’d organization, disparate vendor mentality. Soltra Edge is all about collaboration,” says Bill Nelson, president of Soltra and president and CEO of FS-ISAC. “Soltra Edge will do for cyber security what networking protocols did for computer networks decades ago. It will connect thousands of entities globally, enable them to communicate using a consistent language and help organizations take immediate action. The more critical entities that use Soltra Edge and the more cyber security vendors that plug into Soltra Edge using adapters, the more potent the defense for all those connected.”
The basic version of Soltra Edge, which includes the capabilities required for the majority of users, will be available at no cost. For larger organizations, two enhanced versions of Soltra Edge will be released with additional features that support scalability and redundancy. Pricing for those enhanced versions is available directly from Soltra. Soltra Edge will be generally available on or around December 2, 2014.
Soltra is working with private sector vendors to develop adapters to state of the art security solutions including threat intelligence feeds, security information and event management (SIEM) systems, firewalls, intrusion detection and prevention devices, anti-virus software and other solutions to enable the broadest applicability of Soltra Edge to cyber security prevention, defenses and mitigation.
“Technology resilience requires cyber-threat information sharing. Today's information sharing must occur at network speeds,” says Richard K. Davis, Chairman, President and Chief Executive Officer, U.S. Bancorp. “Thanks to the contributions of hundreds of entities, Soltra Edge is truly created by users, for users, to enable real-time sharing. We are proud to be part of this effort and look forward to seeing steady adoption of the technology across the financial sector." "
“The discussion of cyber security has moved out of the server room and into the board room,” says Kelly King, Chairman and Chief Executive Officer, BB&T Corporation. “Defending against today's cyber threats and attacks often takes more than any one organization, it takes an industry working together. We see Soltra Edge as a pivotal part of our community defense efforts.”
Soltra, which developed Soltra Edge, is a joint venture between the Financial Services Information Sharing and Analysis Center (FS-ISAC), an organization focused on sharing critical cyber security threat information worldwide, and The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry.
With over 40 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities, data centers and offices in 15 countries, DTCC, through its subsidiaries, automates, centralizes, and standardizes the post-trade processing of financial transactions, mitigating risk, increasing transparency and driving efficiency for thousands of broker/dealers, custodian banks and asset managers worldwide. User owned and industry governed, the firm simplifies the complexities of clearing, settlement, asset servicing, data management and information services across asset classes, bringing increased security and soundness to the financial markets. In 2013, DTCC’s subsidiaries processed securities transactions valued at approximately US$1.6 quadrillion. Its depository provides custody and asset servicing for securities issues from 139 countries and territories valued at US$43 trillion. DTCC’s global trade repository processes tens of millions of submissions per week. To learn more, please visit dtcc.com, or follow us on Twitter: @The_DTCC
The Financial Services Information Sharing and Analysis Center, formed in 1999, is a member-owned non-profit and private financial sector initiative. It was designed and developed by its member institutions. Its primary function is to share timely, relevant and actionable physical and cyber security threat and incident information to enhance the ability of the financial services sector to prepare for, respond to, and mitigate the risk associated with these threats. Constantly gathering reliable and timely information between its members, and from financial services providers, commercial security firms, government agencies, law enforcement and other trusted resources, the FS-ISAC is uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information. This information includes analysis and recommended solutions from leading industry experts. Please visit our website (www.fsisac.com) for additional information.