Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Dark Reading
Dark Reading
Products and Releases


Becomes The Second ISAC to Leverage the Solution to Strengthen Cyber Threat Intelligence Capabilities with Soltra

Reston, VA – MAY 5, 2015 – Soltra™, a joint venture of FS-ISAC and The Depository Trust & Clearing Corporation (DTCC), today announced, along with the National Healthcare and Public Health Information Sharing and Analysis Center (NH-ISAC), the selection of Soltra Edge™ as the NH-ISAC community’s cyber threat solution. By standardizing on Soltra Edge, the first industry-driven threat intelligence sharing platform, NH-ISAC enables its members to more quickly detect, prevent and respond to cyber risks and threats.

Deborah Kobza, Executive Director of the NH-ISAC, said, “Recent high-profile cyber attacks and criminal actions targeting the healthcare sector require a new approach. We believe that a mature community defense model, supported by automated threat indicator processing using Soltra Edge, will turn the tables on cyber criminals and strengthen our resiliency against attack.”

Soltra Edge is an on-premise software solution that collects cyber threat intelligence from various sources, converts it into an industry standard language and provides actionable intelligence to help users better protect their organizations. Soltra Edge is designed for entities of all sizes, even those with limited security operations resources. The basic, feature-rich version of Soltra Edge is available for free and takes about 15 minutes to download and configure.

Mark Clancy, CEO of Soltra, CISO of DTCC and Board Member of FS-ISAC, said, “The healthcare sector faces unique cyber challenges that are exacerbated by substantial regulation, the need to protect sensitive data types, including personal information and corporate trade secrets, as well as the growing use of portable devices in healthcare practices. NH-ISAC is taking a proactive, industry-leading approach that cuts across these challenges and enables members to turn intelligence into action.”

Jim Routh, chair of NH-ISAC’s products committee and Chief Information Security Officer at Aetna, said, “As a security practitioner, I rely daily on the sharing of vital cyber security intelligence and threat indicators to improve resiliency within the health sector. Soltra Edge is an essential platform supporting industry standards (STIX and TAXII) that is core to what every NH-ISAC member depends on.

Bill Nelson, President of Soltra and President and CEO of FS-ISAC, said, “The velocity and scope of today’s cyber attacks on the healthcare sector is unprecedented and requires a disruptive solution like Soltra Edge. The goal of Soltra Edge is to transform the average time it takes to chase down a threat indicator from seven hours to less than seven seconds. NH-ISAC has worked diligently to establish sharing best practices including circles of trust, and Soltra Edge will help take information sharing to the next level.”

Soltra Edge can be downloaded today by most healthcare, public health and other organizations. Soltra Edge leverages open standards, including Structured Threat Information eXpression (STIX™), a uniform format for the threat information, and Trusted Automated eXchange of Indicator Information (TAXII™), an open standards protocol for routing that threat information. Soltra Edge is a platform and ecosystem designed to integrate tightly with many vendor solutions, including threat intelligence feeds, security information management and security controls such as firewalls and intrusion prevention solutions. The NH-ISAC threat intelligence platform leverages multiple technologies, including Soltra Edge, Vorstack and other solutions.

About the NH-ISAC

NH-ISAC, a non-profit health sector-led organization is recognized by the nation's health sector, the US Department of Health and Human Services (HHS), the US Department of Homeland Security (DHS), the National Security Agency (NSA), FBI, and the National Council of ISACs (NCI Directorate) representing all national critical infrastructures. NH-ISAC has over 150 member firms sharing cyber security information exclusive to the healthcare industry. More information regarding NH-ISAC and the TIP can be found here http://www.nhisac.org/


About Soltra

Soltra, which developed Soltra Edge, is a joint venture between the Financial Services Information Sharing and Analysis Center (FS-ISAC), an organization focused on sharing critical cyber security threat information worldwide, and The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry. Soltra Edge enables critical entities to import structured and unstructured threat information, standardize and organize that threat information using STIX formats, and instantly route that uniform threat intelligence via the TAXII standard to devices and analysts in order to take immediate action to prevent cyber incidents. The software takes only a few minutes to download, install and configure and a basic license is available at no cost. Learn more at www.soltra.com and download a free copy of Soltra Edge at forums.soltra.com.



Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.