In an attempt to get ahead of cybercriminals, 16 banks have donated between $50,000 and $500,000 each to build a new platform for sharing threat information. That platform is going live today -- and it's not just for banks.
The Soltra Edge software is free for anyone to download, runs entirely on premises, and uses open standards to pull actionable threat information from a company's choice of public or proprietary data sources. The platform is bi-directional, allowing firms to share newly discovered threats with their choice of vendors, public agencies, or their peers.
There is also a free online community for peer-to-peer support with additional paid support available from Soltra Solutions, LLC, the joint venture set up to create and maintain the software.
According to a recent survey by the Financial Services Information Sharing and Analysis Center, one of the backers of the project, it took an average of seven hours for an organization to respond to a new threat alert.
That response time could be reduced to fractions of a second, though that depends on how Soltra Edge is configured.
"Right now, the lowest response time is one minute," said Soltra CTO Aharon Chernin.
According to Chernin, firms can configure Soltra for any combination of manual and automated processing.
"You might have a decision tree based on the source of the information," he said. "It's up to you as a user how you implement it."
Soltra Edge is the first system to bring together both public and private information sources in an on-premises solution using open standards, said Soltra president Bill Nelson. He is also president and CEO of the FS-ISAC.
The other partner in the Soltra joint venture is the Depository Trust and Clearing Corporation, which processes securities trades.
Although it came out of the financial industry, the platform isn't limited to just banks and brokerages.
"Soltra Edge is designed for any company concerned about cybersecurity risks and in need of an automated solution to provide actionable cybersecurity threat data," said Soltra CEO Mark Clancy.
According to Clancy, Soltra Edge will provide the plumbing that directly connects sources of information about cybersecurity threats to users, plugging directly into the systems running firewalls, intrusion detection and prevention, and anti-virus scans.
The sources of information include various industry-based information sharing and analysis centers (ISACs), computer emergency readiness teams (CERTs), security vendors, and public feeds.
"We believe in a collaborative approach," he said.
Firms that participate in the platform can set controls for what types of information can be shared, and what other companies the information can be shared with. In addition, they can choose to share the information anonymously.
"No matter how large or small an organization or their service providers are, Soltra Edge can be used by any entity," he added.
The basic license is free and the software takes only a few minutes to download, install and configure, the company said.
Based around open standards
Soltra Edge uses two main open standards for the collection and distribution of the threat information.
First, there's STIX, Structured Threat Information eXpression, which encodes the threat information. Then the TAXII standard, or Trusted Automated eXchange of Indicator Information, allows for the sharing of that information. Both standards are backed by the US Department of Homeland Security and MITRE.
Adapters are available for some common security tools and -- if the platform gets traction -- vendors will probably create adapters for more systems. That includes both vendors offering technology that can respond to threat alerts, such as firewalls and malware detection software, as well as vendors offering threat intelligence.
According to Nelson, Soltra Edge will act as the plumbing, or middleware, that connects all these proprietary systems as well as public information sources.
The recent data breach at JP Morgan, as well as high-profile breaches at retailers like Home Depot and Target, might convince a lot of companies to sign up.
However, Soltra Edge won't instantly solve all security problems, said Ron Gula, CEO at Columbia, MD-based Tenable Network Security.
"Any additional data that can help catch bad guys is a good thing," he said. "However... I've seen some organizations shift to feeling secure when they have no indicators on their network. This is a false sense of security."
In addition, Soltra Edge only helps companies share information about existing threats, not new ones.
"It still depends on finding a patient zero, and this could be you," he said.
Gula also expressed concern that vendors who opt to use Soltra Edge to distribute threat information might see that information shared with the wider Soltra community.
In fact, there is no Soltra community, said Soltra's Chernin.
There is no centralized organization that keeps track of who is using Soltra Edge, what other organizations they connect to, and how they share information.
"Simply giving someone your intel in a structured format does not mean that it's going to go out to 250 people," said Chernin. "The primary reason to give someone structured data is so that they can act on it automatically. Simply because you receive the data doesn't mean you've reshared it."
In fact, Soltra could not provide any information about the users of Soltra Edge other than to say that more than 100 companies have already downloaded the software.
In addition, about a dozen vendors have already committed to supporting Soltra Edge, said Soltra's Nelson, and the details will be shared soon. Several industry-based information sharing groups are also feeding threat information into Soltra Edge.