Enemies no more, McAfee and Symantec agree to SHARE threat data

Pair join Fortinet and Palo Alto in the Cyber Threat Alliance

The recently-launched Cyber Threat Alliance has been given a big boost with the news that Intel's McAfee division and former arch-enemy Symantec are to join the industry group whose mission is to create the first significant cross-vendor movement of threat data.

The CTA was announced in May with founder members Fortinet and Palo Alto Networks, an intriguing collaboration between two mid-level security firms that had something to gain from this kind of initiative.

Adding two of the 'big three' antivirus firms to this mix turns the idea from being merely interesting into something potentially more significant.

Basic forms of shared threat data will include malware signatures as well as mobile campaigns, botnet command and control channels, and patterns that indicate Advanced Persistent Threats (APTs). Most important of all, members will share data on real attacks, including targeted campaigns, precisely the sorts of security events that can be used to build a bigger picture of what is going on.

"We must meet these aggressive attacks with not only innovative technology and expertise, but also deeper industry collaboration to ensure our defence is strongest", said McAfee EMEA and Canada president, Gert-Jan Schenk.

"By creating this cyber alliance we now have the framework in place to educate one another on complex and multidimensional attacks, moving beyond just malware samples," he said.

Interestingly, Schenk then went on to say that the firms had taken the decision to collaborate without any pressure from law-makers.

"In the absence of substantive legislation fostering this intelligence exchange, the industry must lead the way and this makes the alliance an important milestone in tackling today's cyber security threats."

Security threat sharing has been one of the industry's big ideas for some time and yet nobody has managed to get the vendors themselves to coordinate it. Governments want enterprises to report serious security incidents through national CERTS (for example UK CERT), but much of the same could be achieved by joining together the customer bases of large security vendors.

In McAfee's case, its threat data is collected by the firm's Labs division, comprising 450 researchers.

"By working together to thwart the next generation of cyber attacks, we will be more effective in fighting to keep the Internet safe for users around the world," said Symantec president of Security technology and response Adam Bromwich.

To date, threat sharing has tended to be channeled through the idea of crowdsourcing, on a vendor-by-vendor basis, persuading customers of one company to share threats with other customers of the same firm. Examples include AlienVault's Open Threat Exchange (OTX),HP's Threat Central and Check Point's ThreatStore Intellistore. Then there are industry initiatives such as the Retail Cyber Intelligence Sharing Center (R-CISC) that gathers data on behalf of retailers.

Not long ago, the idea of two rivals such as McAfee and Symantec agreeing to pool threat data would have been seen as unthinkable, but here we are. The world has changed.

Join the CSO newsletter!

Error: Please check your email address.

Tags mcafeesymantecFortinetsecurityintel

More about AdvancedFortinetHPIntelPalo Alto NetworksSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place