AlienVault, a cybersecurity firm aimed at SMBs, announced the Beta of Open Threat Exchange (OTX) 2.0. The company bills it as a threat intelligence sharing platform, and the social component it has added in the latest version enables members to discuss security threats on a social network.
The prior version simply updated threat information automatically in the background, from machine to machine, for members who had opted in to this feature. The update provides a social front end that gives members the opportunity to learn more about threats and how to combat them.
“We created a portal, a social network where you can create intelligence based on that data. Data doesn’t mean anything [on its own], but we created a platform where [members] can use that data, exposing it and using it to create threat intelligence,” Jaime Blasco, vice president and chief scientist at AlienVault, explained.
Armed with information that someone is attacking your system, you could, for example, share the IP address or website where the attack originated. This gives others more information to protect their systems against a similar attack. Conversely, you could look up information about a suspected attack to learn more about it.
The platform can also ingest a security report in .pdf, .csv, .json and other open formats, and extract pertinent information automatically. An IT pro not trained in security threat management might have a difficult time understanding and acting on a security report without this kind of help.
For example, you could upload a security report in PDF format, and the system extracts meaningful information while filtering out false positives, Blasco said. “We clean the information [for you], and generate a set of indicators of compromise, any technical piece of information you can use to identify a threat actor such as hash, IP address, etc.”
Blasco says this is particularly important in small- and medium-sized businesses, which very likely don’t have professional security personnel to monitor and fight these types of attacks. While he expects security professionals will also get involved on OTX, he says IT pros who aren’t security experts can learn a great deal about combating threats by participating in the social part of the platform.
“We are lowering the bar for threat intelligence and giving tools to small- and medium-sized business,” he said. The platform is more interactive than the prior version, letting you query the system. If you have a domain name identified as malicious, you can locate malware with similar behavior and activity to discover other malicious actors that behave in a comparable manner, he explained.
OTX combines the social component with a more automated machine-to-machine feature that connects to any major security product such as firewalls, Russ Spitler, VP of product management at AlienVault, said. If customers use the OTX SDK to connect their perimeter security hardware to OTX, that will provide the system with valuable threat information, which participants can then build upon in the social component.
Even though AlienVault is calling this release a Beta, the company is offering open enrollment and will be incorporating new members on a rolling basis. It is shooting for general release some time this summer.
The company has been around since 2007, offering security products aimed at small- to medium-sized businesses (SMBs). It has almost 200 employees today and is headquartered in San Mateo, with offices in Austin and Madrid.
AlienVault closed a $30M Series D round in Dec. 2013. The company has raised a total of $66M, according to information it provided.
It’s worth noting that Facebook launched its own ThreatExchange in February using the Facebook look and feel to share similar types of information. The Facebook platform uses the Facebook Graph to see connections among different types of threat information and share it with members.