Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)
For years, the systems and networks that run our businesses have been secured by the efforts of IT and security practitioners acting on their own. We continue to deploy the latest countermeasures, always trying to keep up with adversaries.

Criminal attackers, on the other hand, have shared information quite successfully to facilitate their exploits. Couple this with the "attacker's advantage" of choosing where, when and how to launch attacks, and it is no surprise that collaborative hackers appear to be winning against even the largest companies, despite generous spending on security tools.

As an industry, we need a threat-sharing solution that is open and available to everyone for the mutual benefit of all who contribute. With this goal in mind, AlienVault created the Open Threat Exchange™ (OTX).

What is the Open Threat Exchange (OTX)?
OTX is an open information sharing and analysis network that provides real-time, actionable threat information submitted by over 8,000 contributors in more than 140 countries. Threat intelligence from OTX is built into the Open Source Security Information Management (OSSIM) project as well as commercial products such as AlienVault Unified Security Management (USM). OTX allows for anonymous sharing of threat intelligence for mutual benefit.

How OTX Works
Users can opt-in to share anonymous threat data with the OTX community. When users choose to contribute, information related to attacks that are observed on their systems is sent to OTX. This data is then validated by the AlienVault Labs research team and distributed to all other participants in the OTX network, but without any details that would identify the specific contributor.
Crowd-Sourced Threat Intelligence: AlienVault Open Threat Exchange™ (OTX)
So, an attack on any system in the network can now be used as an indicator for subsequent attacks on any other participant in the network. By participating in OTX, defenders can learn from each other and quickly adapt to new threats. With collaborative threat intelligence, an attack on one organization greatly reduces the chance of success in subsequent organizations

Security for You, Powered by All
Since OTX collects threat data from a diverse set of contributors, attackers cannot use geography, size of company, or industry as a means for isolation. If threat intelligence is gathered only from attacks targeting US based companies, or only from attacks targeting financial service companies, the system can easily be gamed.

Attackers could simply use a different country or industry to refine their attack before moving on. OTX collects threat data from over 8,000 collection points in over 140 countries, so users can benefit from contributions made by organizations of all different sizes, from all over the world, and in all different types of industries.

How to Join OTX
Users can benefit from and contribute to OTX via OSSIM, the most widely used SIEM offering in the world, as well as commercial products such as AlienVault USM and other OTX partners.

And, anyone can benefit from the free services powered by OTX:
  • OTX Dashboard: View details about the top malicious IPs worldwide and check the reputation of specific IPs (including your own)
  • Reputation Monitor Alert: Get alerts if your IPs or domains are found in a hacker forum, blacklist or OTX, indicating a potential compromise
  • ThreatFinder: a free service that analyzes log files to detect communications with known malicious IPs.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.