After months of planning, the country’s first national IT threat service has issued its first threat report to a few early members and is ready to launch a campaign to expand its numbers, including lowering its fee for small businesses.
“We didn’t want cost to be a barrier to people being able to get in,” Robert Gordon, executive director of the Canadian Cyber Threat Exchange (CCTX), said Wednesday in explaining why the introductory fee for a small business was cut from $5,000 to $2,000 a year.
“Part of this is to raise cyber resiliency [among Canadian firms] as broad as we can.”
For the lower fee, members will still get threat reports, but won’t be allowed to download electronic data feeds into their systems. Gordon said it was felt small companies wouldn’t benefit from that service. The exchange will discuss with these companies if there are other services that can be added.
Mid-size businesses can join for $20,000 a year and will be allowed to exchange threat data electronically (when it goes live early next year) and will get named access to the exchange’s proprietary knowledge database.
Gordon also said the exchange’s first monthly report was shown Wednesday at a closed symposium in Toronto for companies that have already signed up or are in the process of becoming paying members. Eventually that report will be issued weekly to members. Also, by the second week in February the exchange will have a portal for the sharing of electronic threat data and an online collaboration space for members.
Over time the number of services will be expanded.
Directors of the exchange come from some of the country’s biggest enterprises, including Air Canada, Bell Canada, Canadian National Railway, Manulife, Telus, TD Bank and Royal Bank.
While many CISOs and infosec pros already get information from vendors, blogs and some threat data from vendors and services they subscribe to, the not-for-profit CCTX hopes to show value by tailoring reports and threat feeds for Canadian customers who don’t want to know about the latest malware sweeping other parts of the world.
The exchange also differs from other threat intelligence groups set up by industry associations and limited to verticals such as the healthcare or financial sectors by having a broad audience.
The cross-industry appeal of the exchange has drawn the admiration of Rick Howard, chief security officer of Palo Alto Networks, who was one of the keynote speakers at Wednesday’s symposium and who believes the CCTX is the first national threat exchange in the world.
That’s “fantastic,” he said in an interview.
Having at least one person on the IT or security team dedicated to gathering and handling threat intelligence – even if that person works half time on it – is vital, Howard said. “There has to be somebody tracking adversary activity” in addition to having prevention controls, detection and eradication teams.
“There has to be a recognition that you can’t do it all yourself,” he added. “Tracking every adversary yourself is really hard to do … So that means you have to share your threat intelligence with everybody who can consume it – your peers, your competitors, and anybody else out there who can help you.”
Gordon also announced that EWA Canada will be the exchange’s managed security service provider, and will provide analytics. The exchange itself also has its own analysts.
After working on the exchange for six months, Gordon said “it feels really good” to see the first intelligence report (which is about the FastPOS point of sale malware and the Mirai botnet behind recent distributed denial of service attacks). “I knew it would happen, and it’s always exciting when it actually occurs. It’s a sign we’re here, we’re going forward … It’s something companies have talked about for years – how can the private sector get together and share information, and now it’s happening.”
The exchange now has 30 organizations either accepted as members or in the process of joining. Gordon said he’d like that number doubled by the end of 2017.