Cyberthreat Info Sharing App UnveiledAutomating Manual Processes to Thwart Cyber-Attacks
The Financial Services Information Sharing and Analysis Center has teamed up with the Depository Trust and Clearing Corp. to develop software designed to ease cyberthreat information collection and sharing, helping to safeguard against cyber-attacks.
See Also: Data Center Security Study - The Results
FS-ISAC, a cybersecurity information sharing group, and DTCC, a clearing and settlement services company that serves financial institutions, have created a joint venture called Soltra that will begin marketing the Soltra Edge application later this year once testing is complete.
About 45 organizations are now testing the software, Mark Clancy, DTCC's chief information security officer and a board member of the FS-ISAC, tells Information Security Media Group.
The new application is intended for use by financial institutions, retailers, governments, healthcare organizations, industrial control systems developers and the energy sector, Clancy says.
Streamlining Data Flow
Soltra Edge is an enterprise application that an organization would install and run within its own environment, Clancy explains. It's designed to help streamline the flow of threat intelligence by processing large amounts of data.
"All the processes by which we currently share are manual," Clancy says. For example, a security professional might get an e-mail that has a link to a website or a PDF that identifies a particular threat, and that information then must be copied and pasted into multiple security tools.
Soltra Edge will enable a threat to be described in a standard way, making it machine readable so it can be routed to participating users, such as a bank or healthcare organization, that can then react to the threat by, for example, pushing out a rule to a firewall to help block it.
"The part that led us to the need for a software solution is we had to fundamentally change the way data is communicated," Clancy says.
The software is designed to scale to support thousands of organizations and distill large amounts of data into actionable intelligence that is easy to understand and use, the development partners say. It leverages open standards. including Structured Threat Information eXpression, or STIX, and Trusted Automated eXchange of Indicator Information, or TAXII.
Soltra Edge also is designed to integrate with other applications, says Bill Nelson, president and CEO of FS-ISAC. "As long as they support the STIX and TAXII standards, we can provide an interface to them," he says.
Pricing and other specifics have not yet been revealed. "We'll make announcements about the product later in the year when it's ready to go," Clancy says.
In 2011, FS-ISAC formed a security automation working group to tackle the problem of manual information sharing, Nelson says.
"It was recognized last year that this effort could use a little boost in terms of funding to accelerate the development of what we were doing," he says. The end result was 13 organizations funded the Soltra project to get it off the ground. Nelson and Clancy declined to disclose the organizations that helped fund the project.
FS-ISAC's role has been to bring together various business sectors "and move the agenda forward," Nelson says.
Analyzing the Venture
Al Pascual, director of fraud and security at Javelin Strategy & Research, says the new software project will address the evolving and changing cyberthreat landscape.
"As the threat landscape became more dynamic [in the financial services sector], the need arose for more rapid dissemination and analysis than was reasonably possible," he says. "I expect that as bad actors continue to target varied types of organizations, Soltra will also interest other affected industries in search of a more effective defense."