Fortinet and Palo Alto Networks expect to lure other security vendors to join and share intelligence.
Fortinet and Palo Alto Networks expect to lure other security vendors to join and share intelligence.

In response to the growing threat of malware and the difficulty thwarting it, Fortinet and Palo Alto Networks have joined forces to create what they call the industry's first cyber defense consortium where security companies can amass and share threat intelligence.

The aim of the consortium is to improve cross-industry, cross-vendor threat intelligence, coordination of incident response and prevention of cyber attacks that use advanced malware.

“Unlike other consortium efforts, the focus of this consortium is to share fresh malware — those that have been discovered within the last 48 hours and not found on VirusTotal,” Raj Shah, head of cyber security marketing, at Palo Alto Networks, told SCMagazine.com in a Friday email correspondence. “The collection of threat intelligence across organizations significantly accelerates our ability to protect customers from emerging threats.”

John Maddison, vice president of marketing for Fortinet, told SCMagazine.com in an email correspondence on Friday that the consortium “should have been formed a while ago. Over the past 10 years, the only real industry collaboration has been the sharing of signatures among the anti-virus (AV) vendors,” which, he said “was a slow process and gave no indication about how important each sample was.”

Noting that the “majority of AV signatures do not stop advanced threats" and that "the number and scale of breaches is on the rise,” Maddison said that “the security industry owes it to its customers to work together to provide the best defense possible. Security vendors have to start behaving as responsible security citizens rather than figuring out how to gain an advantage over one another.”

From their vantage point in the industry, Fortinet and Palo Alto Networks are well-positioned to help stop advanced threats at the network level, Maddison said.

“The endpoint is still relevant, but long term, the network will be the place to detect and mitigate,” he explained.

The founding members expect to be joined by other security companies “that will be willing to put aside the fact that they are working with their competitors for the greater good of providing better protection for their customers,” said Shah. “We have had interest from other security vendors and will continue to engage them as we move forward with the consortium.”

Maddison stressed that the companies “want to make sure this is more than a ‘club,' but rather a serious attempt to share very important threat intelligence,” so there are some membership requirements and guidelines regarding contribution criteria. The first order of business for the group, he said, is to build “a framework to share threat intelligence as quickly as possible across a broad spectrum of security vendors.”

That infrastructure will serve as a platform for sharing “fresh malware samples that could break the infection chain of an advanced threat,” Maddison explained. “Next, we'll work with organizations and standards bodies to provide structure and resiliency around the threat intelligence sharing mechanisms.”