David Barroso and Jaime Blasco discuss the benefit of sharing threat intelligence while attending the BSides San Francisco event, of which AlienVault was a major sponsor.
The AlienVault Open Threat Exchange™ (AV-OTX™) is a system for sharing threat intelligence among OSSIM users and AlienVault customers. An attack on any member of the community alerts and arms the entire community with the timely intelligence required to better manage a similar attack.
Sharing information related to the source and nature of attacks allows us, as a community, to quickly isolate malicious or compromised hosts. In addition, information related to attack patterns helps identify new attack tools and methods that can feed research on new defense technology.
AV-OTX™ is built into OSSIM and the AlienVault Unified Security Management Platform™ (AV-USM™). It automatically cleanses, aggregates, validates and publishes threat data streaming in from the broadest range of security devices (firewalls, proxy servers, web servers, anti-virus systems, intrusion detection and prevention systems…) across a community of more than 18,000 OSSIM and AlienVault deployments, spread among many industries and countries, composed of organizations of all sizes - making it the most diverse and comprehensive threat feed possible.
To participate, download the latest OSSIM update, and simply click to opt-into AV-OTX™. The system will automatically begin contributing cleansed data and will automatically begin receiving and using threat intelligence from the community. Rest assured that no information related to the layout of your network or configuration of any controls or machines in your network will be leaked. All data is stored anonymously and any performance impact is nominal, as the process to collect & cleanse attack data is run on a periodic basis – not continuously.
Researchers at AlienVault Labs review and validate threat data to ensure that only the most accurate and actionable intelligence is published. This is the same group of security experts who also recently made headlines around the world when they discovered the new strain of Sykipot malware targeting Department of Defense smart cards.
David Barroso is the Head of Security Intelligence at Telefonica, and Jaime Blasco is the Labs Manager for security provider AlienVault. Jaime manages the Lab and runs the Vulnerability Research Team. Prior to working in the AlienVault lab he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. His background stems from a number of years working in vulnerability management, malware analysis and security researching.