AlienVault, provider of Unified Security Management and crowd-sourced threat intelligence, has announced the general availability of an updated version of Open Threat Exchange (OTX), its open threat intelligence community that enables collaborative defense with actionable, community-powered threat data.
The latest OTX offering, in beta since April 2015, is modeled on social sharing technologies, enabling security practitioners from around the world to openly research and collaborate on emerging threats, correlate data better and quickly implement that threat data into their own security systems, including AlienVault's Unified Security Management (USM) v5.1, which is also generally available today. Launched in 2012 as one of the first crowd-sourced threat-sharing systems in the industry, OTX now has more than 26,000 participants in over 140 countries that contribute more than one million threat indicators daily.
"Nearly every vendor has some sort of threat service or product, but access is often limited unless you're a customer or willing to pay a fee to consume that data," said Stefan Schwoegler, Director of NetOps at b Spot, a mobile games community that lets you legally bet and win cash in the U.S. "What is compelling about AlienVault OTX is that it is open to anyone to participate or contribute, and it is truly a community where individuals can share, explore, challenge and validate threat data. OTX essentially gives practitioners everywhere their own security research organization."
Powered by a sophisticated big data platform that combines natural language processing and machine learning to automate the collection and correlation of threat data from a variety of sources like third-party threat feeds, blogs, external API and local agents, the latest version of OTX contains thousands of threats, or pulses, created by OTX participants. Each OTX pulse provides users with a summary of the threat, a view into the software targeted and the related indicators of compromise (IoC) that can be used to spot attacker activity and detect threats, like IP addresses, domains, malware samples, emails and file hashes.
"We created the Open Threat Exchange on a core belief of strength in numbers," said Barmak Meftah, president and CEO of AlienVault. "It has been shown time and time again, that if we work together as a community and freely share threat information and resources we can identify attacks sooner and react quicker, before they become devastating breaches. A collaborative defense is the only way to get ahead of the attackers. Security wins when we go on the offensive."
Participants in the AlienVault OTX community can:
- Create + Share Pulses: Users who observe suspicious or malicious behavior are able to create a Pulse or add additional IoCs onto an existing pulse. This transforms threat data from one-way communication (e.g., from a vendor's research team to subscribers) to open two-way communication. This also allows for community-based validation of a user's findings where participants can also up-vote and comment on individual pulses to help others identify useful threat data.
- Subscribe + Follow Pulses: Users can automatically instrument their security defenses based on pulses produced by specific users or pulses relating to specific threats, saving time and ensuring their security controls are up to date against the threats they care most about.
- Export + Integrate Pulses: With the new AlienVault DirectConnect API, users can automatically download threat data and IoCs from OTX and integrate them into their existing security infrastructure using open standards such as STIX, OpenIoC and CSV. For AlienVault customers, data from OTX is automatically instrumented into the AlienVault USM platform.
"We have found the OTX 2.0 integration with USM capable of taking threat detection to the next level," said Grant Leonard, co-founder of Castra Consulting. "We are excited to see hashes and domain matching alongside IP in near real-time correlation with our client data. We enjoy direct current information on what we are seeing right at our fingertips. This single innovation is really what helps us find the 'right now' threat vectors for our clients."