Netskope, the leading security cloud, today announced the Cloud Threat Exchange, one of the industry's first cloud-based solutions for the ingestion, curation, and real-time sharing of threat intelligence across enterprise security enforcement points. With this announcement, Netskope has made the Cloud Threat Exchange free and open to customers that wish to use the technology to collaborate on sharing indicators of compromise (IOCs). Any certified, partner, vendor, or customer may use Cloud Threat Exchange to automate the delivery and distribution of high-value, actionable threat intelligence, thus reducing the time to protection and eliminating gaps in coverage. Cloud Threat Exchange is supported by a wide range of members certified by Netskope, which include VMware Carbon Black, CrowdStrike, Cybereason, Mimecast, SentinelOne, and ThreatQuotient. Together, this ecosystem helps mutual customers maximize the benefit of their protections by leveraging threat intelligence across multiple enforcement points.
Historically, there have been multiple barriers to sharing threat intelligence, which made it difficult to implement at scale. For example, vendors might use APIs or data formats that require proprietary tools or plug-ins to commercial products for translation. In addition, the tools are typically built in a hub and spoke manner, making it possible for a single vendor (the hub) to benefit from multiple sources of threat intelligence (spokes), but lacking the ability to set up any other type of threat sharing arrangement.
Cloud Threat Exchange breaks through these limitations by providing a free tool that can be used between any members that wish to exchange threat intelligence. This flexibility makes it possible for a relationship directly between peers that does not require intermediation by Netskope.
According to Netskope's August 2020 Cloud and Threat Report, cybercriminals are continuing to use the cloud as an attack vector in new ways, and this has only been exacerbated by the surge in remote working caused by the COVID-19 pandemic. Between January 1, 2020 and June 30, 2020, cloud malware delivery and cloud phishing were the two most common types of cloud threats, and 63% of malware was delivered over cloud applications. These challenges require multiple defenses with unique capabilities and focus points to share timely threat intelligence. For example, a threat actor may combine multiple types of attacks including phishing, malware, and data theft. An organization improves their capabilities to stop such an attack by sharing details of the threats across all of their protections, which is enabled through the use of Cloud Threat Exchange.
Cloud Threat Exchange features include:
- Facilitates the exchange of threat indicators between vendors, including file hashes, malicious URLs, and DLP file signatures, thus providing customers with fast, up-to-date protection across their security investments.
- Reduces time between new threat discovery and protection implementation, allowing organizations to keep up with the ever-evolving threat landscape.
- Establishes full IOC exchange with leading security providers, including endpoint detection and response, threat intelligence, managed detection and response, email security, and ticket management systems. Other vendors are easily added by customers or partners building their own plug-ins.
- Works with indicators delivered via STIX/TAXII standards enabling information sharing for real-time network defense.
"Speeding the delivery and dissemination of threat intelligence is crucial for building a strong cybersecurity program," said Krishna Narayanaswamy, Co-founder and CTO, Netskope. "We believe vendors need to make it as easy as possible to automate the exchange of threat indicators and the Cloud Threat Exchange breaks down the silo walls between security disciplines and helps make every organization safer."
Cloud Threat Exchange is available now, at no additional cost to Netskope customers, partners, and vendors. To learn more, visit: netskope.com/cloud-threat-exchange
"For security and IT teams, now is the time to refocus defenses as the threat landscape evolves and attacks become more frequent and increasingly sophisticated," said Tom Corn, Senior Vice President, Security Business Unit, VMware. "To meet the security demands of transforming organizations and distributed workforces, VMware Carbon Black is going beyond legacy approaches to bring our customers industry leading cloud native endpoint and workload protection with the added power of ecosystems like the Netskope Cloud Threat Exchange. We are delivering on a vision for the next-generation SOC with unprecedented visibility and threat intelligence to help our customers better secure endpoints, networks, workloads, and containers."
"Staying ahead of today's ever-evolving threat actors is critical and can't be accomplished without effective security intelligence. Organizations must arm themselves with the right technology and advanced data to ensure that they can quickly detect adversary activity, and thus protect their business's most valuable assets from being destroyed or stolen," said Matthew Polly, Vice President of Worldwide Alliances, Channels and Business Development, CrowdStrike. "CrowdStrike is excited to join this exchange that will provide joint customers the choice to operationalize their IOCs to proactively prevent and respond to all attack vectors to improve their security posture."
"Enterprises are facing a constant barrage of cyber attacks from motivated and patient threat actors and nation-states. With an expanding footprint to protect, the launch of Netskope's Cloud Threat Exchange is welcomed by Cybereason because intelligence gathering and information sharing is vitally important to detecting, preventing and mitigating risks and hardening our cyber resiliency," said Yonatan Striem-Amit, Chief Technology Officer and Cofounder, Cybereason.
"The sharing of threat data between solutions is paramount in the fight against the growing onslaught or attacks our customers face on a daily basis," said Julian Martin, Vice President of Business Development, Mimecast. "Mimecast will now be able to identify an attack at the email gateway and by utilizing Cloud Threat Exchange, can immediately notify the other solutions within the security architecture. This will vastly improve joint customers' speed of response and alleviate any potential risk to the business."
"Most traditional and next-gen approaches to securing the enterprise only rely on scanning files to detect attacks, which makes them extremely vulnerable to new attack techniques," said Chuck Fontana, SVP Business & Corporate Development, SentinelOne. "We're proud to be part of the Cloud Threat Exchange and share our patented behavioral AI intelligence, helping enterprises defend every attack surface from endpoint to cloud to IoT device."
"Today's dynamic cloud environments require a proactive approach to security operations. In collaboration with Netskope's Cloud Threat Exchange, ThreatQuotient looks forward to strengthening organizations' access to fast, real-time and actionable threat intelligence. By proactively informing cyber defense postures and security initiatives, organizations can reduce time spent protecting enforcement points," said Haig Colter, Director of Alliances, ThreatQuotient.
VMware and Carbon Black are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and delivers data-centric security from one of the world's largest and fastest security networks, empowering the largest organizations in the world with the right balance of protection and speed they need to enable business velocity and secure their digital transformation journey. Reimagine your perimeter with Netskope.
Offleash for Netskope