Dec 03, 2014
Tanium Adds Soltra to Its Threat Intelligence Ecosystem to Turn Tables on Cyber Attackers
By Tanium Team
The Uncomfortable Truth of Cyber Attacks
As the world looks to make the Internet its platform for finance, the stakes in the cybersecurity landscape have never been higher.
We read daily about cyber attacks against the financial industry, demonstrating a sad reality and an uncomfortable truth: Despite having access to the best IT security talent available, the world’s leading financial services firms still find themselves suffering from multiple data breaches every year. Why? Increasingly sophisticated attacks coupled with an inability to detect and respond quickly enough to them. IT security pros at financial firms around the world are in a race against time. They need to find and contain threats and remediate compromised systems quickly, before proprietary or confidential data is stolen, operations are crippled and customer trust is lost.
Cyber warfare is a fight that needs to happen through coordination and information sharing across the industry. Think of it as crowdsourced intelligence. To that end, we are excited about the formation of Soltra™, the joint venture between the Financial Services Information Sharing and Analysis Center (FS-ISAC), an organization dedicated to sharing cybersecurity threat information, and the Depository Trust & Clearing Corporation (DTCC), the leading post-trade market infrastructure for the financial services industry.
Soltra Edge and Its Threat Intelligence
Mark Clancy, CEO of Soltra, CISO of DTCC and Board Member of FS-ISAC, has a simple, fundamental philosophy: “One organization’s incident becomes everyone’s defense.” Sharing threat intelligence in machine-readable Indicator of Compromise (IOC) formats enables organizations to develop flexible detection techniques that adapt with their adversaries as specific malware and tactics are altered to avoid detection. It is their mission to create a place for the quick dissemination of IOCs with subscriber companies and groups so they have information on the latest attacks and can take action to stop them, if necessary. Ultimately the goal is to catch hackers faster by sharing information across banks versus working independently. Soltra Edge™, which is Soltra’s threat intelligence solution, is now available for the broader market, after being piloted with 45 companies. You can read more about it here:
While Soltra Edge delivers threat intelligence information directly to organizations, there still needs to be a mechanism to take an IOC, run it against systems, gather results on what’s been compromised and remediate infected systems quickly. Until now, legacy tools have been too slow to stop emerging threats in progress. In fact, many of the tools used today are typically limited to the forensics process, well after the damage has been done. In addition, the sheer volume of threat intelligence and the rate of updates present challenges for security professionals who are struggling to keep up with the flood of alerts. The challenge is taking this information and translating it into actionable and automated detection and remediation.
How Tanium Can Help
At Tanium, we work with some of the world’s largest financial institutions to help solve this critical problem. We give security teams the ability to query 100,000s of endpoints, no matter where they are located, identify compromised systems and automate the necessary remediation action. With Tanium, all of this can now be done within seconds versus the days, weeks or months it may take to complete with legacy tools, truly transforming the way security teams approach endpoint detection and response.
The Tanium IOC Funnel, part of the Tanium platform, integrates with a broad ecosystem of third-party cybersecurity threat intelligence feeds. Tanium evaluates IOCs and translates them into optimized sets of questions, which are used to gather data from endpoints across the environment and identify which systems match an IOC. Once these threats are identified, Tanium enables automated remediation, such as killing processes, quarantining systems or deploying patches, with unprecedented speed and scale. We’re thrilled to add Soltra Edge to our threat intelligence ecosystem to automate indicator feeds from Soltra into the Tanium IOC Funnel.
The need for real-time and actionable threat intelligence has never been greater. We commend Soltra, FS-ISAC and DTCC for helping the financial services industry take another step forward to more proactively share information across the industry and help safeguard our critical financial infrastructure.