McAfee, Symantec Join Cyber Threat Alliance

Fortinet, McAfee, Palo Alto Networks and Symantec will dedicate resources to determine the most effective mechanisms for sharing advanced threat data.

IT security and fortinet

Security specialists McAfee and Symantec have joined the Cyber Threat Alliance, following the original co-founders, Fortinet and Palo Alto Networks, into the industry’s first cyber-threat alliance.

The mission of the Cyber Threat Alliance is to drive a coordinated industry effort against cyber-adversaries through deep collaboration on threat intelligence and sharing indicators of compromise.

"Both McAfee and Symantec have substantial threat research centers and provide incremental information on advanced threats to the alliance," John Maddison, vice president of marketing for Fortinet, told eWEEK. "It was very obvious when talking to both these companies they were keen to join the alliance, which enabled them to share the information with their own customer bases. Both McAfee and Symantec put aside market rivalries to become founding members of the alliance."

Maddison explained the goal of the alliance is to band together the top security companies and to combine forces by sharing the very best and latest threat intelligence across the member companies.

He noted all four companies have a huge installed base of network security appliances and endpoints, which provides a large network of sensors to feed relevant threat information into the system.

"The alliance will strive to build the most effective source of advanced threat information available," Maddison explained. "It will continue to improve the threat intelligence distribution within its current members and look to add members who can contribute additional capabilities and information. Longer-term objectives will include more sophisticated APIs and protocols such that deeper threat intelligence can be shared."

In addition to evolving the alliance framework and bylaws, co-founders Fortinet, McAfee, Palo Alto Networks and Symantec will each dedicate resources to determine the most effective mechanisms for sharing advanced threat data to foster collaboration amongst all alliance members and make united progress in the fight against sophisticated cyber-adversaries.

While past industry efforts have often been limited to the exchange of malware samples, this alliance aims to provide more actionable threat intelligence from contributing members, including information on zero-day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly shared malware samples.

By raising the industry's collective actionable intelligence, alliance participants will be able to deliver greater security for individual customers and organizations, Maddison said.

"All cyber-threats are an issue for enterprises, governments and infrastructure. It does not matter if they are state-sponsored or the result of criminal activity--they result in loss of data, intellectual property or far worse, control of critical infrastructure," he said. "Advanced or targeted threats change elements of their life cycle to avoid detection–these threats can only be stopped by threat intelligence that has been gathered across a wide cross-section of the industry."