Today, I’m excited to announce that AlienVault® Open Threat Exchange® (OTX™) has grown to 100,000 global participants, representing 36% year-over-year growth. AlienVault OTX, launched in 2012, is the world’s first free threat intelligence community that enables real-time collaboration between security researchers and IT security practitioners from around the world. Every day, participants from more than 140 countries contribute 19 million pieces of threat data to the community.
OTX enables companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyber-attacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). As Russell Spitler, SVP of Product for AlienVault, an AT&T company, explains, “Attackers rely on isolation - they benefit when defenders don’t talk to each other. We can’t be everywhere at once, but they can learn from each other’s experience. With the growth in OTX membership, we all benefit from the diversity of threat intelligence from an even wider variety of participants.”
To provide a big-picture perspective on the billions of security artifacts contributed to OTX this year, AlienVault Security Advocate Javvad Malik and Threat Engineer Chris Doman have created the OTX Trends Report for 2018 Q1 and Q2. Like the 2017 report, this analysis reveals trends across exploits, malware, and threat actors, including top-ten rankings of the most-seen exploits and adversaries recorded in vendor reports. The analysis also highlights changes in the threat landscape, including a shift in the most reported exploits. For example, this year’s report notes a rise in server exploits, and marks the first time an exploit targeting IoT devices (GPON routers) has made the list of most-seen exploits.
Encouragingly, the OTX Trends Report shows an uptick in information sharing across the InfoSec industry, including a plethora of independent research shared on Twitter. According to the report, “As more companies and researchers look at ways to share threat data, we see more usable and useful information flow into OTX. This openness and collaboration has resulted not only in organisations being able to defend themselves better - but increasing circles of trust within the industry where actual threat intelligence is being shared more openly, a trend that we have seen grow over the years.”
The sheer volume of security events included in the OTX Trends Report reflects the importance of keeping up with the latest threat intelligence. Without threat sharing, malicious actors can easily reuse effective exploits and pivot their attacks from target to target. A campaign affecting the UK legal industry can be repurposed against bankers in the United States, while security researchers operating in silos start from scratch each time. For example, the OTX Trends Report shows that the most commonly reported exploit, CVE-2017-11882, has been reused widely. By joining OTX, participants can strengthen their defenses and share real-time information about emerging threats, attack methods, and malicious actors. The diversity of OTX participants, representing different countries, industries, and organization sizes, provides every community member with a more comprehensive set of data, enabling better threat detection.
Beyond participant-contributed threat indicators, the OTX community also benefits from the robust threat data provided by AlienVault’s broad network of OTX partners, including Intel, Microsoft MAPP, Cyber Threat Alliance, QiHoo360, Telefonica, Hewlett-Packard Enterprise, and more. OTX partner contributions enrich the threat intelligence data available within the community and support the analytics available to OTX participants. This collaboration across the InfoSec industry provides added assurance that participants have the information they need to detect the latest threats as they emerge. In addition, OTX can serve as a STIX/TAXII provider and platform, enabling ISACs and other threat intelligence providers to share their curated threat intelligence through STIX/TAXII with their devices or their customers.
AlienVault has made it easier than ever to leverage OTX data to detect and respond to threats in your own environment. Earlier this year, we introduced OTX Endpoint Security™, a free service in OTX that allows anyone to quickly identify threats by scanning their critical endpoints. OTX participants can use the osquery-based AlienVault Agent to scan their endpoints for the presence of known indicators of compromise catalogued in OTX. For example, when a major attack like Petya or WannaCry occurs, OTX participants can run queries against the latest threat data in OTX pulses to find out if their endpoints have been compromised, without requiring additional security products. OTX Endpoint Security is available to all registered OTX participants at no cost.
For users of AlienVault USM Anywhere™, OTX provides even deeper benefits. AlienVault USM Anywhere consumes OTX threat data in multiple ways, enabling busy security teams to detect and respond to the latest global threats as they emerge, without extra cost or effort. As Lee Thomas Hagen, Strategic Consulting, Dataprise, Inc., explains, "With AlienVault we have been able to reduce lag times by not having to invest in specialized research, for which we rely on AlienVault Security Labs and OTX." The AlienVault Labs Security Research Team consumes OTX threat data, applying machine learning and human analysis to validate and expand on the threat scenarios. The team uses this intelligence to curate and deliver continuous threat intelligence updates to USM Anywhere. USM Anywhere users can subscribe to OTX threat data and use it directly for correlation with any connected data source.
Whether integrated directly with USM Anywhere or synchronized with your other security products through the OTX DirectConnect API, emerging threat data from OTX can help your team keep up with the ever-changing threat landscape. According to Christian B. Caldarone, Information Security Officer at Deutsche Post Dialog Solutions GmbH, "AlienVault USM is very effective in detecting real security threats, as their OTX integrated threat intelligence has a very good reputation in the industry. Thanks to its being open to others too, other heavyweight champions like the Bro security monitor can integrate the OTX feed too (yes and this is done by many security people out there). This says more than words."