The deal with FS-ISAC will give 6,500 companies in the financial services access to threat intelligence data from IBM X-Force Exchange which was launched in April this year. This is to be a two-way deal as the second part of this announcement below shows. As such, it significantly extends the threat intelligence reach of IBM and will enable better tracking of cyber attacks and exploits across the financial services and other key markets.
According to a statement in the press release from Kris Herrin, senior vice president global business services, FS-ISAC: “FS-ISAC has experienced tremendous membership growth all over the world, and we are seeing cross-border and cross-sector sharing ramp up substantially. We are constantly looking for high value solutions and services to offer our members and our work with IBM Security will help us better utilize data and analytics to further automate information sharing with our global members.”
Threat Intelligence sharing deal a major breakthrough
While the first deal expands the reach of IBM X-Force Exchange, it is the second deal in this release that is of more interest. IBM has announced that it has the support of Soltra Edge, a cyber threat intelligence solution. Soltra is a joint development between The Depository Trust & Clearing Corporation (DTCC) and FS-ISAC.
Like IBM X-Force Threat Intelligence, Soltra gathers information on threats and attacks from its members. It also provides them with data that they can use to defend their environments. Data is also shared with the Structured Threat Information eXchange (STIX) and Trusted Automated eXchange of Indicator Information (TAXII).
As part of this deal IBM is to provide consulting and systems for Soltra Edge. According to the press release this will include helping Soltra Edge enhance its support for STIX and TAXII as well as the Cyber Observable eXpression (CybOX) standards. The plan is to speed up the reporting of threat intelligence and attacks to the three bodies.
While IBM X_Force could have simply accessed the data from Soltra through STIX and TAXII, the fact that the two organisations have chosen to work more closely together is important. It indicates a maturity of the awareness of the speed required when tracking new attacks. It also shows that it is possible for organisations to share threat intelligence without worrying about any risk to the sales of their own products.
Mark Clancy, CEO Soltra said: “Defending against today’s cyber threats and attacks takes the collaboration of many industries working together. We see Soltra Edge as a pivotal part of a community’s defense efforts and IBM’s support will help activate these defenses across a broader community of firms in multiple sectors.”
OASIS jumps in on the threat intelligence market
According to the press release: ‘As part of this deal IBM will become a foundation sponsor of the OASIS Cyber Threat Intelligence (CTI) Technical Committee to help develop and promote adoption of standards that enable cyber threat intelligence to be analyzed and shared among trusted partners and communities.’
This raises a serious question about the move by OASIS. STIX and TAXII are both doing well in terms of attracting support from cyber security vendors when it comes to sharing data. Information is flowing through both and this means that the need to share data is already accepted by the industry.
It would surely have been better to allow both organisations to set the de-facto standards without complicating the scenario with a standards body involvement. After all, we are at the early stages of threat intelligence sharing and unlike the early days of virus and malware attacks where vendors were loathe to share data and even used their own naming conventions for the same attacks, the current threat intelligence community knows it has to work together.
We should hear more about the OASIS move over the next few months as IBM and other members begin to talk about the goals and aims. One hopes that those goals will include embracing the work done by STIX and TAXII rather than end up trying to compete with them.
Conclusion
This is a good announcement at all levels. The more threat intelligence is shared, the easier it will be to track and understand threats. We are already seeing cyber attackers beginning to test some of their techniques in small scale attacks. This enables them to refine their attacks to deal with any detection and create a smokescreen by targeting industries other than that they are really planning to attack.
The Financial Service industry is a major target for many of these attacks so this deal should work well for that sector.
