Open Threat Exchange

Open Threat Exchange (OTX) is a crowd-sourced computer-security platform.[1] It has more than 80,000 participants in 140 countries who share more than 19 million potential threats daily.[2] It is free to use.[3]

Open Threat Exchange
Developer(s): AlienVault (now AT&T Cybersecurity)
Type: Security / SIEM
Website: alienvault.com

Founded in 2012,[4] OTX was created and is run by AlienVault (now AT&T Cybersecurity), a developer of commercial and open source solutions to manage cyber attacks.[5] The collaborative threat exchange was created partly as a counterweight to criminal hackers successfully working together and sharing information about viruses, malware and other cyber attacks.[6]

Components

OTX is cloud-hosted. Information sharing covers a wide range of security topics, including viruses, malware, intrusion detection and firewalls. Its automated tools cleanse, aggregate, validate and publish data shared by participants.[4] The data is validated by the OTX platform and then stripped of information identifying the contributing participant.[6]

In 2015, OTX 2.0 added a social network which enables members to share, discuss and research security threats, including via a real-time threat feed.[7] Users can share the IP addresses or websites from which attacks originated, or look up specific threats to see whether anyone has already posted such information.[8]

Users can subscribe to a "Pulse," an analysis of a specific threat, including data on indicators of compromise (IoCs), impact, and the targeted software. Pulses can be exported as STIX, JSON, OpenIOC, MAEC and CSV, and can be used to automatically update local security products.[7] Users can up-vote and comment on specific pulses to help others identify the most important threats.[9]

OTX combines social contributions with automated machine-to-machine tools that integrate with major security products such as firewalls and perimeter security hardware.[8] The platform can read security reports in .pdf, .csv, .json and other open formats. Relevant information is extracted automatically, helping IT professionals analyze data more readily.[8]

Specific OTX components include a dashboard showing the top malicious IPs around the world and allowing users to check the status of specific IPs; notifications if an organization's IP or domain appears in a hacker forum or blacklist, or is listed in OTX; and a feature to review log files to determine whether there has been communication with known malicious IPs.[6]
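The two capabilities described above, exporting a pulse's indicators in a machine-readable format and checking local log files for communication with known malicious IPs, can be combined in a small local tool. The following is an added illustration, not code from the article or from AlienVault/OTX: the pulse JSON shape, the log line format, and the IP and domain values are all constructed for this example (the real OTX export schema is not assumed here).

```python
import ipaddress
import json
import re
from typing import Dict, List, Set

# Constructed pulse in a simplified JSON shape. This shape is an assumption
# for the example and is NOT the real OTX export format; it only keeps the
# idea that a pulse carries a name and a list of typed indicators.
PULSE_JSON = """
{
  "name": "Example pulse (constructed)",
  "indicators": [
    {"type": "IPv4", "indicator": "203.0.113.17"},
    {"type": "IPv4", "indicator": "198.51.100.5"},
    {"type": "domain", "indicator": "Malicious.Example"},
    {"type": "FileHash-SHA256",
     "indicator": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}
  ]
}
"""

# Constructed firewall log lines (format is an assumption for the example).
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2023-05-01T10:00:01Z ALLOW src=10.0.0.23 dst=192.0.2.44 dport=443
2023-05-01T10:00:05Z ALLOW src=10.0.0.23 dst=203.0.113.17 dport=8080
2023-05-01T10:01:12Z DENY  src=10.0.0.51 dst=198.51.100.5 dport=22
2023-05-01T10:02:30Z ALLOW src=10.0.0.23 host=malicious.example dport=80
2023-05-01T10:03:00Z ALLOW src=10.0.0.9 dst=192.0.2.99 dport=443
"""

IP_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})\b")
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+)\b")


def load_indicators(pulse_json: str) -> Dict[str, Set[str]]:
    """Group a pulse's indicators by type, normalised to lower case so that
    domain matching is case-insensitive."""
    pulse = json.loads(pulse_json)
    by_type: Dict[str, Set[str]] = {}
    for ind in pulse.get("indicators", []):
        value = ind["indicator"].strip().lower()
        by_type.setdefault(ind["type"], set()).add(value)
    return by_type


def match_log(log_text: str, indicators: Dict[str, Set[str]]) -> List[dict]:
    """Return one hit per log line whose destination IP or host name appears
    in the pulse. Each hit records the line number, the matched indicator and
    the firewall action, so an analyst can see whether the traffic was
    actually allowed or already blocked."""
    bad_ips = indicators.get("IPv4", set())
    bad_domains = indicators.get("domain", set())
    hits: List[dict] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        action = fields[1] if len(fields) > 1 else "?"
        m = IP_RE.search(line)
        if m:
            ip = m.group(1)
            try:
                ipaddress.IPv4Address(ip)  # skip malformed dotted quads
            except ValueError:
                continue
            if ip in bad_ips:
                hits.append({"line": lineno, "type": "IPv4",
                             "indicator": ip, "action": action})
        m = HOST_RE.search(line)
        if m and m.group(1).lower() in bad_domains:
            hits.append({"line": lineno, "type": "domain",
                         "indicator": m.group(1).lower(), "action": action})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, load_indicators(PULSE_JSON)):
        print(f"line {hit['line']}: {hit['type']} {hit['indicator']} ({hit['action']})")
```

Reporting the firewall action alongside each match matters in practice: a DENY hit shows a control that already worked, while an ALLOW hit against a pulse indicator is the case that needs follow-up.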

In 2016, AlienVault released a new version of OTX allowing participants to create private communities and discussion groups to share information on threats only within the group. The feature is intended to facilitate more in-depth discussions on specific threats, particular industries, and different regions of the world. Threat data from groups can also be distributed to subscribers of managed service providers using OTX.[10]

Technology

OTX is a big data platform that integrates natural language processing and machine learning to facilitate the collection and correlation of data from many sources, including third-party threat feeds, websites, external APIs and local agents.[11]

Partners

In 2015, AlienVault partnered with Intel to coordinate real-time threat information on OTX.[12] A similar deal with Hewlett Packard was announced the same year.[1]

Competitors

Both Facebook and IBM have threat exchange platforms. Facebook's ThreatExchange is in beta and requires an application or invitation to join.[13] IBM launched IBM X-Force Exchange in April 2015.[14]

References

  1. Raywood, Dan (24 April 2015). "HP partner with AlienVault on Cyber Threat-Sharing Initiative". ITPortal.com. Retrieved 8 November 2015.
  2. "The World's First Truly Open Threat Intelligence Community". AlienVault. Retrieved 6 May 2018.
  3. Morphy, Erika (29 July 2015). "AlienVault OTX: Shining a Light on Enterprise Security Threats". CMS Wire. Retrieved 14 December 2015.
  4. "AlienVault's Open Threat Exchange". InfoSecurity Magazine. 23 February 2012. Retrieved 13 December 2015.
  5. Miller, Ron (19 August 2015). "AlienVault Secures $52M Round With Eye Toward IPO". TechCrunch. Retrieved 8 November 2015.
  6. Khandelwal, Swati (14 July 2014). "Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange". The Hacker News. Retrieved 14 December 2015.
  7. Lennon, Mike (28 July 2015). "AlienVault Goes Live With Latest Open Threat Exchange". Security Week. Retrieved 13 December 2015.
  8. Miller, Ron (4 April 2015). "AlienVault Announces More Social Threat Exchange". TechCrunch. Retrieved 13 December 2015.
  9. Murphy, Ian (29 July 2015). "AlienVault looks to social threat intelligence". Enterprise Times. Retrieved 15 December 2015.
  10. Jaeger, Jaclyn (11 August 2016). "AlienVault unveils latest edition of Open Threat Exchange". Compliance Week. Retrieved 22 September 2016.
  11. Barker, Ian (August 2015). "Open Threat Exchange brings a community approach to fighting attacks". betanews. Retrieved 8 November 2015.
  12. Neal, David (13 May 2015). "Intel and AlienVault partner on real-time threat information sharing". The Inquirer. Retrieved 8 November 2015.
  13. Jowitt, Tom (12 February 2015). "Facebook Unveils ThreatExchange Platform". TechWeek Europe. Retrieved 14 December 2015.
  14. Constantin, Lucian (16 April 2015). "IBM opens up its threat data as part of new security intelligence sharing platform". PC World. Retrieved 14 December 2015.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.