Confer and The MITRE Corporation Join Forces to Accelerate Threat Sharing and Operationalize Threat Intelligence
June 18, 2014
Open Source CRITs Platform and the Confer Threat Exchange enable companies to seamlessly share information on cyber attacks
WALTHAM, Mass., June 18, 2014 /PRNewswire/ -- Confer, the first company to offer endpoint and server security via an open, threat-based, collaborative platform, and The MITRE Corporation, a not-for-profit organization that has worked closely with government to strengthen our nation's cyber defenses for more than four decades, today announced an agreement to help companies better protect themselves by sharing cyber threat information. As part of this initiative, MITRE's Collaborative Research Into Threats (CRITs) Platform has been released as a new, open source project (http://crits.github.io). Additionally, Confer is releasing the Confer Threat Exchange, which interfaces with CRITs to allow companies to securely share and automatically apply threat intelligence within their own infrastructure.
Based on MITRE research on how to protect the organization's own systems, CRITs is a threat intelligence platform that facilitates aggregation, analysis and sharing of cyber threat information. This threat intelligence can then be used to protect an organization from future attacks. To date, more than 100 companies worldwide have downloaded CRITs under an original no fee, limited use license. The platform is in broad use within several Fortune 100 organizations.
Confer will provide support and integration services for CRITs users and will operate on-premise and cloud-based instances of CRITs for companies who wish to use CRITs as a service.
The Confer Threat Exchange is a production-quality server used to securely exchange information on cyber threats using community-developed structured data exchange formats created by the U.S. Department of Homeland Security (DHS). Information about attackers and their tactics, techniques and procedures are stored within the Confer Threat Exchange.
The Exchange allows users to automatically share and then operationalize intelligence across companies. Confer has engaged with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to ensure data stored in their upcoming Avalanche product can be automatically applied within Confer's endpoint security product and vice-versa, saving both time and money.
"When we started Confer, standards for automated threat sharing were just emerging, and MITRE was at the forefront," said Mark Quinlivan, Confer's CEO. "After almost two years of collaboration, we're excited to be announcing the Confer Threat Exchange. This integration with CRITs will help organizations better leverage threat intelligence and move beyond a reactive, signature-based defense."
"Releasing CRITs as open source marks an important step in making the shift to an active, threat-based defense and facilitating threat sharing across sectors—public and private," said Gary Gagnon, senior vice president and CSO of MITRE. "As an operator of federal R&D centers, MITRE and our government sponsors would like to see this approach become industry practice."
CRITs has already established itself as a key tool in active defense. The Advanced Cyber Security Center (ACSC)—a non-profit consortium, comprised of 27 New England area industry, university, and government organizations, established to address the most advanced cyber threats—leverages CRITs to share threat intelligence among its members.
"At the ACSC, we believe that sharing information across companies and across verticals is an essential component in mounting an active defense against today's advanced threats," said Charlie Benway, executive director for the ACSC. "CRITs helps our membership to instantly share information regarding attempted attacks, look for patterns and ultimately stop the next compromise."