AlienVault, provider of Unified Security Management and crowd-sourced threat intelligence, has announced a new, enhanced version of Open Threat Exchange (OTX), its open threat intelligence community that enables collaborative defence with actionable, community-powered threat data.
The OTX community has grown rapidly since its initial launch four years ago. It now has more than 37,000 participants in 140 countries, who contribute over 3 million threat indicators daily. Of these, more than 10,000 members are actively collaborating in the new OTX portal, which was introduced in August 2015. Modeled on social sharing technologies, OTX enables security practitioners from around the world to research and collaborate on emerging threats, and they may use the shared data in the exchange to update their own security systems. AlienVault USM customers automatically receive the threat intelligence of OTX through the USM console, enabling rapid detection of the latest threats.
"When we introduced OTX in 2012, we changed the way IT departments consume threat intelligence by offering an open, collaborative network for practitioners and researchers to openly share threat intelligence," said Russ Spitler, vice president, product strategy at AlienVault. "AlienVault was the first and only vendor to take this step and start providing the free services and tools that enable everyone in the OTX community to contribute their own threat data, and in return, get access to everyone else's threat data. This exchange allows for a crowd-sourced, open and collaborative forum that can get threat intelligence from around the world from actual victims of attacks, which is an invaluable benefit for OTX users."
With this new release, OTX has enhanced the ability of the community to collaborate. Each OTX participant can now contribute their own knowledge about emerging threats to improve the ability of the community to effectively detect and respond to them. OTX members can now submit edits and other relevant data such as additional indicators of compromise (IOCs) to help improve the clarity and accuracy of the data, resulting in a more actionable threat stream.
Threat data is also anonymized so that users and pulse submitters can protect their identity. In addition, OTX members are now able to use the DirectConnect API to pull the latest threat data directly into the tools they have deployed in their network such as TAXII, BRO-IDS, OSSIM, MISP, LOKI and Suricata. For USM customers, AlienVault analyzes OTX threat data, writes correlation rules and directives and provides those updates automatically through the USM platform, a unique service that no other vendor provides.
Feedback from OTX users
"AlienVault OTX has interested me from its inception and now figures prominently in MLSec Project's recent research about Threat Intelligence Sharing communities. It is clearly a platform that is innovating in ways to gather more participant interest to share threat-related data," said Alex Pinto, Lead at MLSec Project. "OTX is lowering the technical barrier of automated sharing by providing automated IOC extractors with built in whitelists, and allowing new ways for trust relationships to be formed by fostering reputation building through 'follows' and 'likes' similar to a social network."
"Given that our goal at Niddel is to allow organisations to apply threat intelligence to their information security monitoring with minimal head count, integrating with AlienVault OTX was a very easy decision. It is an innovative sharing platform with a well designed API and a thriving community," said Alexandre Sieira, CTO at Niddel. "Our customers have benefitted from being able to ingest indicators from contributors we select and from others of their own choosing. The quality, applicability and timeliness of the data positively impacts our machine learning models' capacity to reduce false positives and find novel threats."