Bank-backed security utility service to serve all industry sectors

In an attempt to get ahead of cybercriminals, 16 banks have donated between $50,000 and $500,000 each to build a new platform for sharing threat information. That platform is going live today -- and it's not just for banks.

The Soltra Edge software is free for anyone to download, runs entirely on premises, and uses open standards to pull actionable threat information from a company's choice of public or proprietary data sources. The platform is bi-directional, allowing firms to share newly discovered threats with their choice of vendors, public agencies, or their peers.

There is also a free online community for peer-to-peer support with additional paid support available from Soltra Solutions, LLC, the joint venture set up to create and maintain the software.

According to a recent survey by the Financial Services Information Sharing and Analysis Center, one of the backers of the project, it took an average of seven hours for an organization to respond to a new threat alert.

That response time could be reduced to fractions of a second, though that depends on how Soltra Edge is configured.

"Right now, the lowest response time is one minute," said Soltra CTO Aharon Chernin.

According to Chernin, firms can configure Soltra for any combination of manual and automated processing.

"You might have a decision tree based on the source of the information," he said. "It's up to you as a user how you implement it."

Soltra Edge is the first system to bring together both public and private information sources in an on-premises solution using open standards, said Soltra president Bill Nelson. He is also president and CEO of the FS-ISAC.

The other partner in the Soltra joint venture is the Depository Trust and Clearing Corporation, which processes securities trades.

Although it came out of the financial industry, the platform isn't limited to just banks and brokerages.

"Soltra Edge is designed for any company concerned about cybersecurity risks and in need of an automated solution to provide actionable cybersecurity threat data," said Soltra CEO Mark Clancy.

According to Clancy, Soltra Edge will provide the plumbing that directly connects sources of information about cybersecurity threats to users, plugging directly into the systems running firewalls, intrusion detection and prevention, and anti-virus scans.

The sources of information include various industry-based information sharing and analysis centers (ISACs), computer emergency readiness teams (CERTs), security vendors, and public feeds.

"We believe in a collaborative approach," he said.

Firms that participate in the platform can set controls for what types of information can be shared, and what other companies the information can be shared with. In addition, they can choose to share the information anonymously.

"No matter how large or small an organization or their service providers are, Soltra Edge can be used by any entity," he added.

The basic license is free and the software takes only a few minutes to download, install and configure, the company said.

Based around open standards

Soltra Edge uses two main open standards for the collection and distribution of the threat information.

First, there's STIX, Structured Threat Information eXpression, which encodes the threat information. Then the TAXII standard, or Trusted Automated eXchange of Indicator Information, allows for the sharing of that information. Both standards are backed by the US Department of Homeland Security and MITRE.

Adapters are available for some common security tools and -- if the platform gets traction -- vendors will probably create adapters for more systems. That includes both vendors offering technology that can respond to threat alerts, such as firewalls and malware detection software, as well as vendors offering threat intelligence.

According to Nelson, Soltra Edge will act as the plumbing, or middleware, that connects all these proprietary systems as well as public information sources.

The recent data breach at JP Morgan, as well as high-profile breaches at retailers like Home Depot and Target, might convince a lot of companies to sign up.

However, Soltra Edge won't instantly solve all security problems, said Ron Gula, CEO at Columbia, MD-based Tenable Network Security.

"Any additional data that can help catch bad guys is a good thing," he said. "However... I've seen some organizations shift to feeling secure when they have no indicators on their network. This is a false sense of security."

In addition, Soltra Edge only helps companies share information about existing threats, not new ones.

"It still depends on finding a patient zero, and this could be you," he said.

Gula also expressed concern that vendors who opt to use Soltra Edge to distribute threat information might see that information shared with the wider Soltra community.

In fact, there is no Soltra community, said Soltra's Chernin.

There is no centralized organization that keeps track of who is using Soltra Edge, what other organizations they connect to, and how they share information.

"Simply giving someone your intel in a structured format does not mean that it's going to go out to 250 people," said Chernin. "The primary reason to give someone structured data is so that they can act on it automatically. Simply because you receive the data doesn't mean you've reshared it."

In fact, Soltra could not provide any information about the users of Soltra Edge other than to say that more than 100 companies have already downloaded the software.

In addition, about a dozen vendors have already committed to supporting Soltra Edge, said Soltra's Nelson, and the details will be shared soon. Several industry-based information sharing groups are also feeding threat information into Soltra Edge.


Stories by Maria Korolov
