Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools.
As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX).
What is the Open Threat Exchange (OTX)?
OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,000 contributors in more than 140 countries. Threat intelligence from OTX is built into the Open Source Security Information Management (OSSIM) project as well as commercial products such as AlienVault Unified Security Management (USM). OTX allows for anonymous sharing of threat intelligence for mutual benefit.
How OTX Works
Users can opt-in to share anonymous threat data with the OTX community. When users choose to contribute, information related to attacks that are observed on their systems is sent to OTX. This data is then validated by the AlienVault Labs research team and distributed to all other participants in the OTX network, but without any details that would identify the specific contributor.
Security for You, Powered by All
Since OTX collects threat data from a diverse set of contributors, attackers cannot use geography, size of company, or industry as a means for isolation. If threat intelligence is gathered only from attacks targeting US based companies, or only from attacks targeting financial service companies, the system can easily be gamed.
Attackers could simply use a different country or industry to refine their attack before moving on. OTX collects threat data from over 8,000 collection points in over 140 countries, so users can benefit from contributions made by organizations of all different sizes, from all over the world, and in all different types of industries.
How to Join OTX
Users can benefit from and contribute to OTX via OSSIM, the most widely used SIEM offering in the world, as well as commercial products such as AlienVault USM and other OTX partners.
And, anyone can benefit from the free services powered by OTX:
- OTX Dashboard: View details about the top malicious IPs worldwide and check the reputation of specific IPs (including your own)
- Reputation Monitor Alert: Get alerts if your IPs or domains are found in a hacker forum, blacklist or OTX, indicating a potential compromise
- ThreatFinder: a free service that analyzes log files to detect communications with known malicious IPs.