Cyber Threat Alliance FAQ

What is the Cyber Threat Alliance?

The Cyber Threat Alliance is a group of cyber security practitioners from organizations that have chosen to work together in good faith to share threat information for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.

What is the goal of the Alliance?

The goal of the group is to disperse threat intelligence across all member organizations in order to raise the overall situational awareness of group members and to allow member-vendors to better protect their customers.

What makes this Alliance unique?

While past industry efforts have often been limited to the exchange of malware samples, this new Alliance will provide more actionable threat intelligence from contributing members, including information on zero-day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly shared malware samples. By raising the industry's collective actionable intelligence, Alliance participants will be able to deliver greater security for individual customers and organizations.

Download the paper "A New Way to Share Threat Intelligence" to learn more.

Is customer data at risk?

No. The Alliance Bylaws stipulate that members will not share any data that can be directly attributable to customers.

Who is in the Alliance?

  • The inaugural co-founders are Fortinet, Intel Security, Palo Alto Networks and Symantec.
  • There is an open invitation to other organizations that share in our goal and meet the minimum requirements for participation.

What are the minimum requirements to join the Alliance?

Each member must share at least 1,000 samples of new Portable Executable (PE) malware per day that are not observed on VirusTotal over the preceding forty-eight (48) hours at the time of sharing, and meet at least one (1) of the following three (3) criteria:

  1. Mobile Malware: At least fifty (50) samples of new mobile malware per day in the APK, DEX, or other popular mobile malware file formats that are not observed on VirusTotal over the last forty-eight (48) hours at time of sharing.
  2. Botnet C2 Servers: At least one hundred (100) botnet command and control (C2) servers and/or peer-to-peer nodes per week, beyond those listed on public forums such as ZeusTracker. These must be different from the previous week's dump from the contributing member and must be active upon sharing.
  3. Vulnerabilities & Exploit Sites: At least one hundred (100) attack sites per week, beyond those listed on public forums. These must be different from the previous week's dump from the contributing member and must be active upon sharing.

How can my organization join?

We welcome new members to the Alliance. Please use the form to initiate contact.
