Boost for cyber threat intelligence sharing

A new collaboration aims to enable organisations to step up their threat detection capabilities

The ability to collect and analyse cyber threat intelligence (CTI) is critical, as cyber teams need to anticipate the next move of attackers, and the tools and techniques they are likely to use. Hence the news that Tanium, provider of endpoint management and security, is collaborating with OpenCTI, an open source platform that specialises in the analysis of cyber threats, is significant.

The collaboration will allow the integration of Tanium’s behaviour-based detection offering, Tanium Signals, with OpenCTI, helping organisations to store, organise and visualise intelligence information in real time. “With the integration of data provided by OpenCTI, companies using both tools can increase their intelligence and analysis capabilities to anticipate, search and respond more quickly and effectively to cyber threats,” the two companies report.

For security operations centre (SOC) teams, using OpenCTI with Tanium enables them to analyse and contextualise data related to signature-based detection (YARA rules, Tanium Signals etc), indicators of compromise (examples of phishing emails, IP address lists etc), techniques, tactics and procedures (TTPs) and cyber attribution. Organisations will be able to feed the Tanium platform with the latest relevant intelligence data provided by OpenCTI, giving them the ability to aggregate several sources of threat intelligence.

“Implementing OpenCTI into Tanium’s solutions is a critical step towards improving cyber risk prevention, and ultimately assuming greater control over the ever-increasing number and complexity of threats,” says Samuel Hassine, director of security strategy and operations at Tanium and co-creator of OpenCTI. “The detection capabilities of Tanium’s tools are enhanced by OpenCTI’s unique architecture, its support of more than twenty different intelligence sources and the active involvement of the Open Source community in developing the platform.

“The OpenCTI platform is decentralised, scalable and flexible in its settings and day-to-day use,” adds Hassine. “This makes it easy for the CISO community in companies and organisations around the world to adopt OpenCTI, at a time when the use of threat intelligence is essential to address cyber threats in a faster and more effective way.”