Open Threat Exchange

Open Threat Exchange

Developer(s)	AlienVault (now AT&T Cybersecurity)
Type	Security / SIEM
Website	cybersecurity.att.com/open-threat-exchange

Open Threat Exchange (OTX) is a crowd-sourced computer-security platform.^[1] It has more than 180,000 participants in 140 countries who share more than 19 million potential threats daily.^[2] It is free to use.^[3]

Founded in 2012,^[4] OTX was created and is run by AlienVault (now AT&T Cybersecurity), a developer of commercial and open source solutions to manage cyber attacks.^[5] The collaborative threat exchange was created partly as a counterweight to criminal hackers successfully working together and sharing information about viruses, malware and other cyber attacks.^[6]

Components

OTX is cloud-hosted. Information sharing covers a wide range of issues related to security, including viruses, malware, intrusion detection and firewalls. Its automated tools cleanse, aggregate, validate and publish data shared by participants.^[4] The data is validated by the OTX platform then stripped of information identifying the participating contributor.^[6]

In 2015, OTX 2.0 added a social network which enables members to share, discuss and research security threats, including via a real-time threat feed.^[7] Users can share the IP addresses or websites from where attacks originated or look up specific threats to see if anyone has already left such information.^[8]

Users can subscribe to a “Pulse,” an analysis of a specific threat, including data on IoC, impact, and the targeted software. Pulses can be exported as STIX, JSON, OpenloC, MAEC and CSV, and can be used to automatically update local security products.^[7] Users can up-vote and comment on specific pulses to assist others in identifying the most important threats.^[9]

OTX combines social contributions with automated machine-to-machine tools that integrates with major security products such as firewalls and perimeter security hardware.^[8] The platform can read security report in .pdf, .csv, .json and other open formats. Relevant information is extracted automatically, assisting IT professionals to more readily analyze data.^[8]

Specific OTX components include a dashboard with details about the top malicious IPs around the world and to check the status of specific IPs; notifications should an organization's IP or domain be found in a hacker forum, blacklist or be listed by in OTX; and a feature to review log files to determine if there has been communication with known malicious IPs.^[6]

In 2016, AlienVault released a new version of OTX allowing participants to create private communities and discussions groups to share information on threats only within the group. The feature is intended to facilitate more in-depth discussions on specific threats, particular industries, and different regions of the world. Threat data from groups can also be distributed to subscribers of managed service providers using OTX."^[10]

Technology

OTX is a big data platform that integrates natural language processing and machine learning to facilitate the collection and correlation of data from many sources, including third-party threat feeds, websites, external API and local agents.^[11]

Partners

In 2015, AlienVault partnered with Intel to coordinate real-time threat information on OTX.^[12] A similar deal with Hewlett Packard was announced the same year.^[1]

Competitors

Both Facebook and IBM have threat exchange platforms. The Facebook ThreatExchange is in beta and requires an application or invitation to join.^[13] IBM launched IBM X-Force Exchange in April 2015.^[14]

References

1. Raywood, Dan (24 April 2015). "HP partner with AlienVault on Cyber Threat-Sharing Initiative". ITPortal.com. Retrieved 8 November 2015.
2. "The World's First Truly Open Threat Intelligence Community". AlienVault. Retrieved 6 May 2018.
3. Morphy, Erika (29 July 2015). "AlienVault OTX: Shining a Light on Enterprise Security Threats". CMS Wire. Retrieved 14 December 2015.
4. "AlienVault's Open Threat Exchange". InfoSecurity Magazine. 23 February 2012. Retrieved 13 December 2015.
5. Miller, Ron (19 August 2015). "AlienVault Secures $52M Round With Eye Toward IPO". TechCrunch. Retrieved 8 November 2015.
6. Khandelwal, Swati (14 July 2014). "Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange". The Hacker News. Retrieved 14 December 2015.
7. Lennon, Mike (28 July 2015). "AlienVault Goes Live With Latest Open Threat Exchange". Security Week. Retrieved 13 December 2015.
8. Miller, Ron (4 April 2015). "AlienVault Announces More Social Threat Exchange". TechCrunch. Retrieved 13 December 2015.
9. Murphy, Ian (29 July 2015). "AlienVault looks to social threat intelligence". Enterprise Times. Retrieved 15 December 2015.
10. Jaeger, Jaclyn (11 August 2016). "AlienVault unveils latest edition of Open Threat Exchange". Compliance Week. Retrieved 22 September 2016.
11. Barker, Ian (August 2015). "Open Threat Exchange brings a community approach to fighting attacks". betanews. Retrieved 8 November 2015.
12. Neal, David (13 May 2015). "Intel and AlienVault partner on real-time threat information sharing". The Inquirer. Archived from the original on May 18, 2015. Retrieved 8 November 2015.
13. Jowitt, Tom (12 February 2015). "Facebook Unveils ThreatExchange Platform". TechWeek Europe. Retrieved 14 December 2015.
14. Constantin, Lucian (16 April 2015). "IBM opens up its threat data as part of new security intelligence sharing platform". PC World. Retrieved 14 December 2015.