Threat Intelligence

8/4/2017
01:20 PM
Dark Reading
Products and Releases

AlienVault Updates OTX Community for Threat Intelligence Sharing, Detection and Response

LAS VEGAS, NV--(Marketwired - Jul 25, 2017) - At Black Hat USA 2017, AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence, announced that its Open Threat Exchange® (OTX™) -- the world's first truly open threat intelligence community -- has grown to more than 65,000 participants, a 20 percent quarter-on-quarter growth, sharing more than 14 million pieces of threat data daily.

OTX has democratized the threat intelligence market -- any OTX participant can easily contribute and consume threat information for free. It is open security for all, powered by the community. To build on OTX successes, AlienVault is introducing several new features to AlienVault OTX™, including Groups, Adversary Pages, and Easy Pulse Creation Tools, in addition to adding several new standardized data formats to the OTX environment: STIX, TAXII, and YARA. AlienVault USM Anywhere™ users will soon be able to enjoy deeper threat analysis and tighter integration with OTX through a new threat intelligence framework, helping resource-constrained security teams to automate and orchestrate their threat detection and incident response activities. Armed with these new features, OTX members will be able to more readily identify and respond to threats and indicators of attack, and take steps to protect their environments before they're at risk.

"AlienVault OTX proves that the most powerful tool in the fight against cybercrime is community collaboration," said Jaime Blasco, Vice President and Chief Scientist at AlienVault. "And we have the best community online. Our OTX enhancements will provide our users with the tools they need to share the most recent threat intelligence they have on the most complex adversaries in the industry faster than ever before. In return, they get the most relevant and timely threat indicators they need to protect their environment for free."

New OTX Enhancements Enable Collaboration & Threat Response

  • Easy Pulse Creation Tools - AlienVault rebuilt the way participants create pulses (a pulse summarizes a threat, the software it targets, and the related indicators of compromise, or IOCs) so that participants can better assess the risk their environment is exposed to. With Easy Pulse Creation Tools, users can now bulk-edit pulses and get feedback on which indicators were whitelisted.
  • Adversary Pages - Adversary Pages compile threat information on specific threat actors and groups, and feature all related pulses and available Malware Information Sharing Platform (MISP) project descriptions, giving users quick and easy access to the relevant threat information they need to further investigate possible threats in their own environment.
  • Groups - Groups brings security researchers and practitioners together in either a public or private community forum to discuss recent trends in attack methods, threat intelligence tips, and other information relevant to their industry.
  • New Standards Support - OTX now supports standardized data formats and protocols commonly used by Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), including STIX™ and TAXII™, enabling these organizations to leverage OTX to curate and share threat intelligence relevant to their members.
  • YARA Rules - Newly added support for YARA rules, including an easy-to-use YARA rule builder, makes writing rules faster and less prone to errors. Anyone who contributes threat information to OTX can also build a YARA rule from that same information -- boosting everyone's overall security posture and making it easier and faster to consume actionable threat intelligence.

These updates come at a critical time as more and more companies find themselves exposed to fast-acting and damaging ransomware attacks. OTX is a proven tool to keep up with these threats. In fact, OTX identified indicators of compromise and issued protections against the Petya ransomware within the first two hours of its initial attack. In addition to its rapid response to Petya, AlienVault researchers also managed to add coverage for the EternalBlue exploit 18 days before the WannaCry ransomware hit the internet.

OTX Users Prioritize Threats & Focus on What Matters Most

"The information in OTX helps me to effectively prioritize threats from high to low. That in turn allows me to spend more time analyzing events that are deemed higher priority. It's also educating me about what kind of threats security professionals are observing around the world. Many of the actual alerts OTX is sending allow me to also take preventative measures. Even if I haven't seen any of the traffic, I am able to look at what malicious actors are doing, and then actually block malicious IP addresses," said Jeff Dalton, Information Security Officer, Bank of Marin.

"I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications provide me with a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time. The community support is a great reference for smaller IT departments like mine that have limited resources to stay up to date with emerging threats," said James Ellsworth, IT Technician, Sierra Gold Nursery.
