Visa has teamed up with security firm FireEye to offer a new web platform for merchants and banks share threat intelligence, offering an improvement on emailed data on the latest cyber threat.
The two companies have announced a new partnership to deliver a web service that disseminates fresh and contextual information about hacks on merchants and banks to help them detect and respond to attacks on their IT and payment infrastructure faster than current methods.
"By combining Visa’s unparalleled view into global payments and FireEye’s industry-leading cyber security expertise, we intend to bring faster, actionable intelligence directly to players across the payments system,” said Charlie Scharf, Visa’s CEO.
Visa said it will be an improvement on current methods of sharing threat intelligence by email or static documents.
The service is based on FireEye’s Community Threat Intelligence (CIT) service, which was announced in February for its own customers, offering a way to share anonymised intelligence — from themselves and from FireEye’s network — with their own partners and customers. In other words, a big data platform for sharing information about hacks.
FireEye’s CIT relies on virtual machines that it has deployed on networks across the globe. The information helps determine attack patterns by correlating global data it collects with data from users’ IT environments. IT gives customers additional context to the attacks they may be observing against their own networks, such as indicators they’ve been attacked by hackers who’ve compromised other companies in their industry.
The combined Visa and FireEye service will be populated by data from both companies, with the aim of improving knowledge about attacks on the ecosystem.
The Obama Administration has introduced several different bills to encourage the private sector to share information about attacks with the government in response to high profile attacks on US companies over the past two years.
Some of the largest breaches have hit retailers, including Target and Home Depot, but also non-retail firms, such as Sony Pictures Entertainment, major insurance companies and financial services firms.
But the government's information sharing initiatives have also faced objections from businesses and privacy advocates. A few big name companies have also launched security-focussed intelligence-sharing initiatives, including Facebook and IBM.
Facebook in February announced ThreatExchange, based on the idea that it’s industry friends had an interest and incentive to share threat data that affected them all. Hence, early members included Twitter, Yahoo, Tumblr, Pinterest, Box and Bitly. The last public update from Facebook’s ThreatExchange page was in March though.
IBM opened up 700 terabytes of data about attacks and vulnerabilities through its IBM X-Force Exchange, giving insights to the status of hundreds of millions of end points and billions of web pages.