Netskope today launched a Cloud Threat Exchange portal through which it will share threat intelligence with customers and partners for free.
Company CTO Krishna Narayanaswamy said the Cloud Threat Exchange will automate the real-time delivery and distribution of actionable threat intelligence gathered by Netskope and its partners, including Carbon Black, CrowdStrike, Cybereason, Mimecast, SentinelOne and ThreatQuotient.
The goal is to elevate awareness of the rate at which new cybersecurity threats are manifesting themselves as part of an effort to encourage organizations to rely more on security automation to combat those threats, he said.
Narayanaswamy said the Cloud Threat Exchange overcomes that challenge by encouraging participants to standardize on Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) interface standards to normalize how security data is consumed in real time. Reliance on STIX/TAXII standards will also make it possible for organizations to be added to the Exchange data feed by developing their own plug-in, he noted.
While security vendors have always been willing to share threat intelligence, the process has been cumbersome to the point where that information arrives too late for the end customer, especially when trying to combat zero-day attacks. Threat intelligence shared via the exchange will include file hashes, malicious URLs and data loss prevention (DLP) file signatures as part of an effort to reduce the time between when threats are discovered and when countermeasures are implemented.
Real-time threat intelligence has become more crucial because attacks are increasing in both volume and sophistication. Netskope reported that between Jan. 1 and June 30, cloud malware delivery and cloud phishing were the two most common types of cloud threats, with 63% of malware delivered via cloud applications. Cybercriminals are also combining multiple types of attacks as part of an effort to breach defenses and then laterally distribute malware across multiple systems.
Cloud Threat Exchange is not the first time security vendors have come together to share threat intelligence. However, by making threat intelligence available for free, vendors are signaling they are willing to put more skin in the cybersecurity game. Rather than simply selling security platforms and then trying to monetize threat information feeds, a free service that delivers critical information in real time adds value to investments in platforms that organizations have already made. Of course, there are other sources of free cybersecurity threat information, but end customers typically have to set up their own systems to consume that intelligence.
They say to be forewarned is to be forearmed. Too many cybersecurity teams are reacting to threats long after they’ve been compromised. As a result, the effort required to clean up attacks is that much greater. There will always be some new threat. However, the amount of time that threat is out there inflicting damage needs to be narrowed considerably for cybersecurity teams to be truly effective. After all, no one can combat a threat they didn’t know existed in the first place until it’s far too late to do much about it.