Cyber Threat Alliance Expands Mission through Appointment of President, Formal Incorporation as Not-for-Profit and New Founding Members

Former White House Cybersecurity Leader Joins CTA to Drive Alliance Mission of Improving Global Defenses Against Cyber Adversaries; Six Industry Leaders Collaborate on Automated Threat Intelligence Sharing Platform

The Cyber Threat Alliance (CTA) recently announced the appointment of Michael Daniel as the organization’s first president and its formal incorporation as a not-for-profit entity. Additionally, founding Members Fortinet, Intel Security, Palo Alto Networks, and Symantec recently announced the addition of Check Point Software Technologies Ltd. and Cisco as new alliance founding Members. Together, the six founding Members have contributed to the development of a new, automated threat intelligence sharing platform to exchange actionable threat data, further driving the CTA’s mission of a coordinated effort against cyber adversaries.

CTA Formalizes as an Independent Not-for-Profit Entity

Founded and actively sharing threat intelligence since 2014, the CTA has evolved to an independent organization with Michael Daniel as its President and a Board of Directors comprised of its six founding Members, Check Point, Cisco, Fortinet, Intel Security, Palo Alto Networks and Symantec. Daniel brings extensive expertise to the CTA in developing strategic cyber partnerships and programs that span the private and public sector, as well as other nations to build the most effective security solutions. The CTA’s move to an incorporated entity signifies the commitment by industry leaders to work together to determine the most effective methods for sharing automated, rich threat data and to make united progress in the fight against sophisticated cyber attacks.

Since inception, the CTA has regularly exchanged information on botnets, mobile threats and indicators of compromise (IoCs) related to advanced persistent threats (APTs), and advanced malware samples. Notable milestones of the CTA’s cooperative efforts cracked the code on CryptoWall version 3, one of the most lucrative ransomware families in the world, totaling more than US $325 million ransomed. The CTA’s research and findings pushed cybercriminals to develop CryptoWall version 4, which the CTA also uncovered and resulted in a much less successful attack, validating the power of the CTA’s cooperative threat intelligence sharing.

These coordinated efforts demonstrate that all Members of the CTA believe in protecting the common good of the Internet by sharing intelligence to combat sophisticated global cyberattacks. By bringing together industry competitors contributing their unique threat insights, the CTA builds a comprehensive view of important threat actors. With enriched understanding and enhanced protections against global attacks, members can better protect customers in real time and prioritize resources based on collective knowledge.

Information Sharing Platform Automates Collaboration on Contextual Threat Intelligence
With co-development from its six founding Members over the past year, the new CTA platform automates information sharing in near real-time to solve the problems of isolated and manual approaches to threat intelligence. The platform better organizes and structures threat information into Adversary Playbooks, pulling everything related to a specific attack campaign together in one place to increase the contextual value, quality and usability of the data. This innovative approach turns abstract threat intelligence into actionable real-world protections, enabling Members to speed up information analysis and deployment of the intelligence into their respective products.

To foster continued collaboration and incentivize meaningful threat data, the new CTA platform requires Members to automate their intelligence sharing contributions, meet a minimum contribution every day, and rewards contextualized, unique intelligence. Members will eventually be rewarded with greater levels of access based on the value and volume of the information they have contributed.

In addition to its core mission of coordinated information sharing, the CTA is also the first industry trade association designed by and exclusively for cybersecurity practitioners. Representing the collective voice of industry leaders, the CTA is committed to help shape industry best practices and continue to ensure that the most effective security is being delivered for individual customers and organizations around the world.