Cyberthreat Intelligence Effort Launched

LogRhythm Partners with Five Other Vendors
Security intelligence firm LogRhythm has launched what it calls a "threat intelligence ecosystem" in collaboration with five other security vendors, giving customers the ability to customize the information they want in their intelligence feeds.

"The Threat Intelligence Ecosystem allows customers the flexibility to determine from a variety of vendors, each with different intelligence acquisition methods, which [one] aligns to them," says Seth Goldhammer, director of product management at LogRhythm. Other participants in the new collaborative effort are CrowdStrike, Norse, Symantec, ThreatStream and Webroot.

LogRhythm will present a customer with a list of the different threat intelligence feeds they can purchase from the vendors involved. Whichever feeds are chosen, LogRhythm will work to consolidate and digest the information to meet the customer's needs, says Kurt Stammberger, senior vice president of market development at Norse.

"What people are recognizing is that threat intelligence sources are very different from each other," he says. "Different threat intelligence vendors specialize in gathering information from different parts of the Internet. Think of it as telescopes covering different parts of the sky."

It's important to note that there is no information sharing between the different threat intelligence vendors in the ecosystem, says Patrick Kennedy, vice president of enterprise marketing at Webroot. "Each acts as a self-autonomous threat intelligence service to the LogRhythm customer," he says.

LogRhythm hopes to recruit other security vendors to join the effort.

Measuring Success

The level of success will be based on whether a broader array of customers gains access to live attack intelligence, says Stammberger of Norse. "Right now, only about 35 percent of enterprises have any real threat intelligence initiative going on," he says.

Another measure of success is whether the ecosystem is able to recognize high-impact activities that allowed a customer to prevent a breach from occurring, Goldhammer says.

Analyzing the Initiative

Tyler Shields, a security analyst at Forrester Research, says this new initiative could prove effective if the analysis of the aggregated data is done well. "It's one thing to pull a number of great threat information data feeds into a single location, but it's a lot harder to properly analyze and determine highly accurate causation from disparate sources of data," he says.

Also, at a time when cyber-attacks are morphing so rapidly, it's a positive sign to see collaboration among security vendors, says Shirley Inscoe, an analyst at the consultancy Aite Group. "This is an instance where the sum of the parts truly can be much greater than the individual elements," she says. "Identifying attacks rapidly is essential in a real-time environment, and reducing false positives is key so that investigators can focus on the highest risk items instead of being distracted by a long list of possible threats."


About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



