8/4/2017 01:20 PM
Dark Reading
Products and Releases

AlienVault Updates OTX Community for Threat Intelligence Sharing, Detection and Response

LAS VEGAS, NV--(Marketwired - Jul 25, 2017) - At Black Hat USA 2017, AlienVault®, the leading provider of Unified Security Management™ (USM™) and crowdsourced threat intelligence, announced that its Open Threat Exchange® (OTX™) -- the world's first truly open threat intelligence community -- has grown to more than 65,000 participants, a 20 percent quarter-on-quarter growth, sharing more than 14 million pieces of threat data daily.

OTX has democratized the threat intelligence market -- any OTX participant can contribute and consume threat information for free. It is open security for all, powered by the community. To build on OTX's success, AlienVault is introducing several new features to AlienVault OTX™, including Groups, Adversary Pages, and Easy Pulse Creation Tools, and is adding support for several standardized data formats in the OTX environment: STIX, TAXII, and YARA. AlienVault USM Anywhere™ users will soon get deeper threat analysis and tighter integration with OTX through a new threat intelligence framework, helping resource-constrained security teams automate and orchestrate their threat detection and incident response activities. With these new features, OTX members will be able to identify and respond to threats and indicators of attack more readily, and take steps to protect their environments before they are exposed.

"AlienVault OTX proves that the most powerful tool in the fight against cybercrime is community collaboration," said Jaime Blasco, Vice President and Chief Scientist at AlienVault. "And we have the best community online. Our OTX enhancements will provide our users with the tools they need to share the most recent threat intelligence they have on the most complex adversaries in the industry faster than ever before. In return, they get the most relevant and timely threat indicators they need to protect their environment for free."

New OTX Enhancements Enable Collaboration & Threat Response

  • Easy Pulse Creation Tools - AlienVault rebuilt the way participants create pulses. A pulse is a summary of a threat, its software targets, and the related indicators of compromise (IOCs), which lets users assess the risk their own environment is exposed to. With Easy Pulse Creation Tools, users can now bulk-edit pulses and get feedback on which of their indicators were whitelisted.
  • Adversary Pages - Adversary Pages compile threat information on specific threat actors and groups, and feature all related pulses and any available Malware Information Sharing Platform (MISP) project descriptions, giving users quick access to the threat information they need to investigate possible threats in their own environment.
  • Groups - Groups bring security researchers and practitioners together in public or private community forums to discuss recent trends in attack methods, threat intelligence tips, and other information relevant to their industry.
  • New Standards Support - OTX now supports standardized data formats and protocols commonly used by Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), including STIX™ and TAXII™, enabling them to use OTX to curate and share threat intelligence relevant to their members.
  • YARA Rules - Newly added support for YARA rules, including an easy-to-use YARA rule builder, makes writing rules faster and less error-prone. Anyone who contributes threat information to OTX can also build a YARA rule from that same information, boosting everyone's overall security posture and making actionable threat intelligence easier and faster to consume.
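The two feature descriptions above (pulses as bundles of IOCs, and YARA rules built from the same indicators) are easier to reason about with a concrete transformation in hand. The following is an added example, not AlienVault code and not OTX's actual rule builder: it takes a constructed, OTX-style pulse (the `name`/`indicators`/`type`/`indicator` field layout is an assumption modelled on pulse JSON), validates each indicator, emits a YARA rule, and runs the same indicators over a few constructed log lines. The IPv4 matching uses boundaries so that `203.0.113.10` does not fire on `203.0.113.100`, a false-positive class any practitioner consuming IP feeds has to handle.

```python
"""Turn an OTX-style pulse into a YARA rule and a simple log matcher.

Added example, not AlienVault/OTX code. The pulse layout (a dict with "name"
and an "indicators" list of {"type", "indicator"} entries) is an assumption
modelled on OTX pulse JSON; the pulse and log lines below are constructed.
"""
import re

# Constructed sample pulse (not real threat data).
SAMPLE_PULSE = {
    "name": "Example Ransomware Campaign",
    "indicators": [
        {"type": "IPv4", "indicator": "203.0.113.10"},
        {"type": "domain", "indicator": "update-check.example"},
        {"type": "FileHash-SHA256", "indicator": "a" * 64},
        {"type": "FileHash-MD5", "indicator": "b" * 32},
        {"type": "URL", "indicator": "http://update-check.example/dl.php"},
    ],
}

# Constructed sample log lines; line 2 carries a near-miss IP (203.0.113.100).
SAMPLE_LOGS = [
    "2017-07-25T13:20:01Z proxy allow 10.0.0.5 -> http://update-check.example/dl.php",
    "2017-07-25T13:20:02Z fw deny 10.0.0.5 -> 203.0.113.100:443",
    "2017-07-25T13:20:03Z fw allow 10.0.0.7 -> 203.0.113.10:443",
]

HASH_LEN = {"FileHash-MD5": 32, "FileHash-SHA1": 40, "FileHash-SHA256": 64}
TEXT_TYPES = ("IPv4", "domain", "hostname", "URL")


def rule_name(name):
    """Convert a pulse title into a valid YARA identifier."""
    ident = re.sub(r"[^A-Za-z0-9_]", "_", name).strip("_")
    if not ident or ident[0].isdigit():
        ident = "otx_" + ident
    return ident


def validate(ind):
    """Reject malformed indicators before they reach a rule or a matcher."""
    t, v = ind["type"], ind["indicator"]
    if t in HASH_LEN:
        return re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_LEN[t], v) is not None
    return 1 <= len(v) <= 1024 and "\n" not in v


def yara_escape(s):
    """Escape a text indicator for use inside a YARA double-quoted string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def pulse_to_yara(pulse):
    """Emit one YARA rule: network IOCs as strings, hashes via the hash module."""
    strings, hash_conds = [], []
    for i, ind in enumerate(pulse["indicators"]):
        if not validate(ind):
            continue
        t, v = ind["type"], ind["indicator"]
        if t in TEXT_TYPES:
            strings.append('        $s%d = "%s" ascii wide nocase' % (i, yara_escape(v)))
        elif t == "FileHash-MD5":
            hash_conds.append('hash.md5(0, filesize) == "%s"' % v.lower())
        elif t == "FileHash-SHA256":
            hash_conds.append('hash.sha256(0, filesize) == "%s"' % v.lower())
    conds = (["any of ($s*)"] if strings else []) + hash_conds
    lines = ['import "hash"', ""] if hash_conds else []
    lines += ["rule %s" % rule_name(pulse["name"]), "{",
              "    meta:", '        source = "OTX pulse (constructed example)"']
    if strings:
        lines += ["    strings:"] + strings
    condition = " or ".join(conds) if conds else "false"
    lines += ["    condition:", "        " + condition, "}"]
    return "\n".join(lines)


def match_logs(pulse, log_lines):
    """Return (line_no, indicator) pairs where a pulse IOC appears in a log line.

    IPv4 indicators are boundary-checked so 203.0.113.10 does not match
    203.0.113.100; other indicator types use case-insensitive substring search.
    """
    iocs = [(ind["type"], ind["indicator"]) for ind in pulse["indicators"]
            if validate(ind) and (ind["type"] in TEXT_TYPES or ind["type"] in HASH_LEN)]
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        for t, v in iocs:
            if t == "IPv4":
                found = re.search(r"(?<![\d.])" + re.escape(v) + r"(?![\d.])", line) is not None
            else:
                found = v.lower() in low
            if found:
                hits.append((n, v))
    return hits


if __name__ == "__main__":
    print(pulse_to_yara(SAMPLE_PULSE))
    print(match_logs(SAMPLE_PULSE, SAMPLE_LOGS))
```

The rule emitted by `pulse_to_yara` needs YARA's `hash` module for the hash conditions; hashing `filesize` bytes is expensive on large files, so in practice the string conditions are checked first and hashes are better handled by a separate file-hash lookup.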

These updates come at a critical time as more and more companies find themselves exposed to fast-acting and damaging ransomware attacks. OTX is a proven tool to keep up with these threats. In fact, OTX identified indicators of compromise and issued protections against the Petya ransomware within the first two hours of its initial attack. In addition to its rapid response to Petya, AlienVault researchers also managed to add coverage for the EternalBlue exploit 18 days before the WannaCry ransomware hit the internet.

OTX Users Prioritize Threats & Focus on What Matters Most

"The information in OTX helps me to effectively prioritize threats from high to low. That in turn allows me to spend more time analyzing events that are deemed higher priority. It's also educating me about what kind of threats security professionals are observing around the world. Many of the actual alerts OTX is sending allow me to also take preventative measures. Even if I haven't seen any of the traffic, I am able to look at what malicious actors are doing, and then actually block malicious IP addresses," said Jeff Dalton, Information Security Officer, Bank of Marin.

"I believe the best aspect of the AlienVault system comes ultimately from the community of users. The OTX activity notifications provide me with a great wealth of knowledge that I would not get otherwise. This is my first true experience in managing a service such as AlienVault for a long period of time. The community support is a great reference for smaller IT departments like mine that have limited resources to stay up to date with emerging threats," said James Ellsworth, IT Technician, Sierra Gold Nursery.
