AlienVault OTX Community Growth Spurs Threat Intelligence Sharing and Rapid Detection and Response
Collaboration between 65,000 global participants now enhanced by Groups and Adversary Pages; Support for STIX, TAXII, and YARA included in latest release
LAS VEGAS, July 25, 2017 - At Black Hat USA 2017, AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence, announced that its Open Threat Exchange® (OTX™) — the world’s first truly open threat intelligence community — has grown to more than 65,000 participants, a 20 percent quarter-on-quarter growth, sharing more than 14 million pieces of threat data daily.
OTX has democratized the threat intelligence market — any OTX participant can easily contribute and consume threat information for free. It is open security for all, powered by the community. To build on OTX successes, AlienVault is introducing several new features to AlienVault OTX™ including Groups, Adversary Pages and Easy Pulse Creation Tools in addition to adding several new standardized data formats to the OTX environment: STIX, TAXII, and YARA. AlienVault USM Anywhere™ users will soon be able to enjoy deeper threat analysis and tighter integration with OTX through a new threat intelligence framework, helping resource-constrained security teams to automate and orchestrate their threat detection and incident response activities. Armed with these new features, OTX members will be able to more readily identify and respond to threats and indicators of attack, and take steps to protect their environments before they’re at risk.
“AlienVault OTX proves that the most powerful tool in the fight against cybercrime is community collaboration,” Jaime Blasco, Vice President and Chief Scientist at AlienVault said. “And we have the best community online. Our OTX enhancements will provide our users with the tools they need to share the most recent threat intelligence they have on the most complex adversaries in the industry faster than ever before. In return, they get the most relevant and timely threat indicators they need to protect their environment for free.”
New OTX Enhancements Enable Collaboration & Threat Response
- Easy Pulse Creation Tools - AlienVault rebuilt the way participants can create pulses, a summary of threats, software targets, and related indicators of compromise (IOC), to better assess the risk their environment is exposed to. With Easy Pulse Creation Tools, users can now bulk-edit pulses and get feedback on which indicators were whitelisted.
- Adversary Pages - Adversary Pages compile threat information on specific threat actors and groups, and feature all related pulses and available Malware Information Sharing Platforms (MISP) project descriptions, giving users quick and easy access to the relevant threat information they need to further investigate possible threats in their own environment.
- Groups - Groups brings security researchers and practitioners together to provide users with either a public or private community forum to discuss recent trends in attack methods, threat intelligence tips and more with information relevant to their industry.
- New Standards Support - OTX now supports new standardized data formats and protocols commonly used by Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), including STIX™ and TAXII™, enabling them to leverage OTX to curate and share threat intelligence relevant to their members.
- YARA Rules - Newly added support for YARA rules, including an easy-to-use YARA rule builder, makes writing rules faster and less prone to errors. Anyone who contributes threat information to OTX can also build a YARA rule with that same information — boosting everyone’s overall security posture and making it easier and faster to consume actionable threat intelligence.
These updates come at a critical time as more and more companies find themselves exposed to fast-acting, and damaging, ransomware attacks. OTX is a proven tool to keep up with these threats. In fact, OTX identified indicators of compromise and issued protections against the Petya ransomware within the first two hours of its initial attack. In addition to its rapid response to Petya, AlienVault researchers also managed to add coverage for the EternalBlue exploit 18 days before the WannaCry ransomware hit the internet.
OTX Users Prioritize Threats & Focus on What Matters Most
“The information in OTX helps me to effectively prioritize threats from high to low. That in turn allows me to spend more time analyzing events that are deemed higher priority. It’s also educating me about what kind of threats security professionals are observing around the world. Many of the actual alerts OTX is sending allow me to also take preventative measures. Even if I haven’t seen any of the traffic, I am able to look at what malicious actors are doing, and then actually block malicious IP addresses,” said Jeff Dalton, Information Security Officer, Bank of Marin.
“I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications provide me with a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time. The community support is a great reference for smaller IT departments like mine that have limited resources to stay up to date with emerging threats,” said James Ellsworth, IT Technician, Sierra Gold Nursery.