Cyber Threat Alliance

Fortinet, McAfee, Palo Alto Networks and Symantec Co-Found the Industry’s First Cyber Threat Alliance

What is the Cyber Threat Alliance?

The Cyber Threat Alliance is a group of cyber security practitioners from organizations that have chosen to work together in good faith to share threat information for the purpose of improving defenses against advanced cyber adversaries across member organizations and/or their customers.

What is the goal of the Cyber Threat Alliance?

The goal is to disperse threat intelligence on advanced adversaries across all member organizations to raise the overall situational awareness in order to better protect their organizations and their customers.

Who is in the Cyber Threat Alliance?

Founding members are Fortinet, McAfee, Palo Alto Networks and Symantec. There is an open invitation to other organizations that share in our goals and objectives and meet the minimum requirements for participation.

Founding Members

In addition to evolving the alliance framework and bylaws, co-founders Fortinet, McAfee, Palo Alto Networks and Symantec have dedicated resources to determine the most effective mechanisms for sharing advanced threat data to foster collaboration amongst all alliance members and make united progress in the fight against sophisticated cyber criminals.

Fortinet

Fortinet

Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in Network Security (FW/NGFW/UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Learn more at www.fortinet.com.

McAfee

McAfee

McAfee, part of Intel Security and a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. Through its McAfee Labs organization, McAfee has 450 multidisciplinary researchers in 30 countries following the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public. Find out more at www.mcafee.com.

Palo Alto Networks

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Symantec

Symantec

Symantec Corporation (NASDAQ: SYMC) protects your information wherever it’s stored, accessed or shared. Founded in April 1982, Symantec operates the largest civilian cyberintelligence threat network in the world. The company's more than 20,000 employees reside in more than 50 countries and are pioneering new solutions in growing markets like backup appliances, mobile, cloud, advanced threat protection, data loss prevention, and managed security services. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2014, it recorded revenues of $6.7 billion. To learn more go to www.symantec.com or connect with Symantec at: www.symantec.com/social.

Cyber Threat Alliance FAQ

What is the Cyber Threat Alliance?

The Cyber Threat Alliance is a group of cyber security practitioners from organizations that have chosen to work together in good faith to share threat information for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.

What is the goal of the Alliance?

The goal of the group is to disperse threat intelligence across all member organizations in order to raise the overall situational awareness of group members and to allow member-vendors to better protect their customers.

What makes this Alliance unique?

While past industry efforts have often been limited to the exchange of malware samples, this new Alliance will provide more actionable threat intelligence from contributing members, including information on zero day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly-shared malware samples. By raising the industry's collective actionable intelligence, Alliance participants will be able to deliver greater security for individual customers and organizations.

"A New Way to Share Threat Intelligence" to learn more. Download the paper

Is customer data at risk?

No. The Alliance Bylaws stipulate that members will not share any data that can be directly attributable to customers.

Who is in the Alliance?

  • The inaugural co-founders are Fortinet, McAfee, Palo Alto Networks and Symantec.
  • There is an open invitation to other organizations that share in our goal and meet the minimum requirements for participation.

What are the minimum requirements to join the Alliance?

Each member must share at least 1,000 samples of new Portable Executable (PE) malware per day that are not observed on VirusTotal over the preceding forty-eight (48) hours at the time of sharing, and meet at least one (1) of the following three (3) criteria:

  1. Mobile Malware: At least fifty (50) samples of new mobile malware per day in the APK, DEX, or other popular mobile malware file formats that are not observed on VirusTotal over the last forty-eight (48) hours at time of sharing.
  2. Botnets C2 Servers: At least one hundred (100) botnet command and control servers (C2), and/or peer to peer nodes, per week beyond those listed on public forums such as ZeusTracker, must be different than the previous week’s dump from the contributing member; and must be active upon sharing.
  3. Vulnerabilities & Exploits Sites: At least one hundred (100) attack sites per week beyond those listed on public forums, must be different than the previous week’s dump from the contributing member, and must be active upon sharing.

How can my organization join?

We welcome new members to the Alliance. Please use the form to initiate contact.

Press Releases

How can my organization join?

The Cyber Threat Alliance is open to all organizations who wish to contribute to the sharing of cyber crime threat intelligence. Technology vendors, government agencies, non-profit groups, and corporations are all welcome to join. The core requirement to join is the ability to provide a minimum of 1000 unique malware executables daily that do not overlap with VirusTotal.

We welcome new members to the alliance. Please use the form to initiate contact.