Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Bank-backed security utility service to serve all industry sectors

Maria Korolov | Dec. 5, 2014
In an attempt to get ahead of cybercriminals, 16 banks have donated between $50,000 and $500,000 each to a build a new platform for sharing threat information. That platform is going live today -- and it's not just for banks.

The basic license is free and the software takes only a few minutes to download, install and configure, the company said.

Based around open standards

Soltra Edge uses two main open standards for the collection and distribution of the threat information.

First, there's STIX, Structured Threat Information eXpression, which encodes the threat information. Then the TAXII standard, or Trusted Automated eXchange of Indicator Information, allows for the sharing of that information. Both standards are backed by the US Department of Homeland Security and MITRE.

Adapters are available for some common security tools and — if the platform gets traction — vendors will probably create adapters for more systems. That includes both vendors offering technology that can respond to threat alerts, such as firewalls and malware detection software, as well as vendors offering threat intelligence.

According to Nelson, Soltra Edge will act as the plumbing, or middleware, that connects all these proprietary systems as well as public information sources.

The recent data breach at JP Morgan, as well as high-profile breaches at retailers like Home Depot and Target, might convince a lot of companies to sign up.

However, Soltra Edge won't instantly solve all security problems, said Ron Gula, CEO at Columbia, MD-based Tenable Network Security.

"Any additional data that can help catch bad guys is a good thing," he said. "However... I've seen some organizations shift to feeling secure when they have no indicators on their network. This is a false sense of security."

In addition, Soltra Edge only helps companies share information about existing threats, not new ones.

"It still depends on finding a patient zero, and this could be you," he said.

Gula also expressed concern that vendors who opt to use Soltra Edge to distribute threat information might see that information shared with the wider Soltra community.

In fact, there is no Soltra community, said Soltra's Chernin.

There is no centralized organization that keeps track of who is using Soltra Edge, what other organizations they connect to, and how they share information.

"Simply giving someone your intel in a structured format does not mean that it's going to go out to 250 people," said Chernin. "The primary reason to give someone structured data is so that they can act on it automatically. Simply because you receive the data doesn't mean you've reshared it."

In fact, Soltra could not provide any information about the users of Soltra Edge other than to say that more than 100 companies have already downloaded the software.

In addition, about a dozen vendors have already committed to supporting Soltra Edge, said Soltra's Nelson, and the details will be shared soon. Several industry-based information sharing groups are also feeding threat information into Soltra Edge as well.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.