Cyber Threat Alliance

Fortinet and Palo Alto Networks Co-Found the Industry’s First Cyber Threat Alliance

Palo Alto Networks and Fortinet are partnering to build one of the industry’s first cyber threat alliances to drive the sharing of critical threat intelligence. This new consortium enables member organizations to better protect their customers from the increasingly sophisticated threat landscape through shared threat intelligence. By collaborating on threat knowledge and preventative measures we can improve our capabilities against the ever growing and increasingly sophisticated cyber attackers.

The alliance establishes a simple model for which member organizations can securely and expeditiously share insights. These insights will help members by bringing greater visibility into threats and techniques that they might not otherwise have visibility into. We look forward to growing the alliance and leading the industry towards innovative approaches to better serve our customers.

What is the Cyber Threat Alliance?

The Cyber Threat Alliance is a group of security vendors, initially led by Palo Alto Networks and Fortinet, that have chosen to work together to share malware information for the purpose of increasing the collective threat intelligence across organizations.

What is the goal of the Cyber Threat Alliance?

The goal and objective of the group is to disperse malware knowledge and threat intelligence across all member organizations to raise the overall knowledge of the group to allow member vendors to better protect their organizations and their customers..

Who is in the Cyber Threat Alliance?

The inaugural members are Fortinet and Palo Alto Networks. There is an open invitation to other organizations that share in our goals and objectives and meet the minimum requirements for participation – the ability to share at least 1,000 samples of new malware executables every day.

Founding Members

In addition to evolving the alliance framework and bylaws, co-founders Fortinet and Palo Alto Networks have dedicated resources to determine the most effective mechanisms for sharing advanced threat data to foster collaboration amongst all alliance members and make united progress in the fight against sophisticated cyber criminals.

Fortinet

Fortinet

Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in Network Security (FW/NGFW/UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2012 Fortune Global 100. Learn more at www.fortinet.com.

Palo Alto Networks

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Cyber Threat Alliance FAQ

What is the Cyber Threat Alliance?

The Cyber Threat Alliance is a group of cyber security practitioners from organizations that have chosen to work together in good faith to share threat information for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.

What is the goal of the Cyber Threat Alliance?

The goal of the group is to disperse threat intelligence across all member organizations in order to raise the overall situational awareness of group members and to allow member-vendors to better protect their customers.

What makes this Alliance unique?

While past industry efforts have often been limited to the exchange of malware samples, this new Alliance will provide more actionable threat intelligence from contributing members, including information on zero day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly-shared malware samples. By raising the industry's collective actionable intelligence, Alliance participants will be able to deliver greater security for individual customers and organizations.

Is customer data at risk?

No. The Alliance Bylaws stipulate that members will not share any data that can be directly attributable to customers.

Who is in the Alliance?

  • The inaugural co-founders are Fortinet and Palo Alto Networks.
  • There is an open invitation to other organizations that share in our goal and meet the minimum requirements for participation.

What are the minimum requirements to join the Alliance?

Each member must share at least 1,000 samples of new Portable Executable (PE) malware per day that are not observed on VirusTotal over the preceding forty-eight (48) hours at the time of sharing, and meet at least one (1) of the following three (3) criteria:

  1. Mobile Malware: At least fifty (50) samples of new mobile malware per day in the APK, DEX, or other popular mobile malware file formats that are not observed on VirusTotal over the last forty-eight (48) hours at time of sharing.
  2. Botnets C2 Servers: At least one hundred (100) botnet command and control servers (C2), and/or peer to peer nodes, per week beyond those listed on public forums such as ZeusTracker, must be different than the previous week’s dump from the contributing member; and must be active upon sharing.
  3. Vulnerabilities & Exploits Sites: At least one hundred (100) attack sites per week beyond those listed on public forums, must be different than the previous week’s dump from the contributing member, and must be active upon sharing.

How can my organization join?

We welcome new members to the Alliance. Please use the form to initiate contact.

Press Releases

How can my organization join?

The Cyber Threat Alliance is open to all organizations who wish to contribute to the sharing of cyber crime threat intelligence. Technology vendors, government agencies, non-profit groups, and corporations are all welcome to join. The core requirement to join is the ability to provide a minimum of 1000 unique malware executables daily that do not overlap with VirusTotal.

We welcome new members to the alliance. Please use the form to initiate contact.