Open Threat Exchange Explained

Open Threat Exchange
Developer:AlienVault
(now AT&T Cybersecurity)
Genre:Security / SIEM
Website:cybersecurity.att.com/open-threat-exchange

Open Threat Exchange (OTX) is a crowd-sourced computer-security platform. It has more than 180,000 participants in 140 countries who share more than 19 million potential threats daily. It is free to use.

Founded in 2012, OTX was created and is run by AlienVault (now AT&T Cybersecurity), a developer of commercial and open source solutions to manage cyber attacks. The collaborative threat exchange was created partly as a counterweight to criminal hackers successfully working together and sharing information about viruses, malware and other cyber attacks.

Components

OTX is cloud-hosted. Information sharing covers a wide range of issues related to security, including viruses, malware, intrusion detection and firewalls. Its automated tools cleanse, aggregate, validate and publish data shared by participants. The data is validated by the OTX platform then stripped of information identifying the participating contributor.

In 2015, OTX 2.0 added a social network which enables members to share, discuss and research security threats, including via a real-time threat feed. Users can share the IP addresses or websites from where attacks originated or look up specific threats to see if anyone has already left such information.

Users can subscribe to a “Pulse,” an analysis of a specific threat, including data on IoC, impact, and the targeted software. Pulses can be exported as STIX, JSON, OpenloC, MAEC and CSV, and can be used to automatically update local security products. Users can up-vote and comment on specific pulses to assist others in identifying the most important threats.

OTX combines social contributions with automated machine-to-machine tools that integrates with major security products such as firewalls and perimeter security hardware. The platform can read security report in .pdf, .csv, .json and other open formats. Relevant information is extracted automatically, assisting IT professionals to more readily analyze data.

Specific OTX components include a dashboard with details about the top malicious IPs around the world and to check the status of specific IPs; notifications should an organization's IP or domain be found in a hacker forum, blacklist or be listed by in OTX; and a feature to review log files to determine if there has been communication with known malicious IPs.

In 2016, AlienVault released a new version of OTX allowing participants to create private communities and discussions groups to share information on threats only within the group. The feature is intended to facilitate more in-depth discussions on specific threats, particular industries, and different regions of the world. Threat data from groups can also be distributed to subscribers of managed service providers using OTX."[1]

Technology

OTX is a big data platform that integrates natural language processing and machine learning to facilitate the collection and correlation of data from many sources, including third-party threat feeds, websites, external API and local agents.[2]

Partners

In 2015, AlienVault partnered with Intel to coordinate real-time threat information on OTX. A similar deal with Hewlett Packard was announced the same year.

Competitors

Both Facebook and IBM have threat exchange platforms. The Facebook ThreatExchange is in beta and requires an application or invitation to join. IBM launched IBM X-Force Exchange in April 2015.[3]

References

  1. News: Jaeger. Jaclyn. AlienVault unveils latest edition of Open Threat Exchange. 22 September 2016. Compliance Week. 11 August 2016.
  2. News: Barker. Ian. Open Threat Exchange brings a community approach to fighting attacks. 8 November 2015. betanews. August 2015.
  3. News: Constantin. Lucian. IBM opens up its threat data as part of new security intelligence sharing platform. 14 December 2015. PC World. 16 April 2015.

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]