Collaboration and intelligence sharing may be the way forward in tackling cyber threats, say experts.
Speaking at cyber security firm Fortinet's international media conference in Sophia Antipolis, France this week, global security strategist Derek Manky said information sharing was invaluable in fighting cyber attacks.
The Cyber Threat Alliance (CTA), founded in 2014 before becoming known as a not-for-profit organisation in 2017, is a collaborative effort by industry players to identify cyber threats, Manky explained.
Apart from Fortinet, other members include McAfee, Cisco and Palo Alto networks, as well as others in the cyber security and software space.
President and CEO Michael Daniel is a former cyber advisor to former US President Barack Obama.
WannaCry and 'a big win'
According to Manky, members engage whenever there is a cyber security threat, in an effort to understand and ultimately stop it. "When things like [ransomware] WannaCry break we all get on the phone and talk about it," he said.
Through engagements on WannaCry, the alliance put to bed rumours that the ransomware had spread through email, identifying it as a worm, Manky said.
Manky shared how Fortinet is working with law enforcement.
Fortinet collaborated with Interpol and in one instance nabbed a cyber attacker in Nigeria who was prosecuted for his phishing efforts, which saw millions diverted from bank accounts.
"We got a warrant of arrest for the guy, and got a whole lot of evidence from his computers to prosecute him. It was a big win," Manky told delegates.
Fortinet also works with the North Atlantic Treaty organisation – with a focus on cyber warfare.
The CTA relies on an information sharing model, where information about cyber threats is uploaded to a platform, from which other members have access.
The first version was limited to sharing of virus information and on creating a global platform.
Each member has a weekly threshold that they need to meet in terms of sharing information. If a member falls below the threshold, the organisation will look at ways of helping them. If a member is not active for a while, then that means they are not in good standing with the alliance and will fall out.
Level playing field
Once information is shared on the platform, it is up to members to decide how they will treat the information.
"We level the playing field in terms of intelligence. It is up to the vendor to connect the plumbing – (that is) how they take the intelligence and make it actionable."
Manky clarified that members are still competitors.
Patrice Perche, Fortinet senior executive vice president, worldwide sales and support, shared views with Fin24 about collaboration efforts. He said there was increasing collaboration with local governments and Interpol.
A benefit is that the exchanges occur in real time, which makes the information shared more valuable, he explained, as responses can be undertaken without delay.
*Fin24 is a guest of Fortinet's international media conference in Sophia Antipolis, France
*CORRECTION: A previous version of the article stated that the CTA works with Nato and Interpol, it was updated on November 21 at 09:15 to indicate that Fortinet has worked with these organisations.
* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER