LevelBlue Labs Open Threat Exchange
Additional Info
Company | LevelBlue |
Website | https://www.levelblue.com/ |
Company size (employees) | 1,000 to 4,999 |
Headquarters Region | North America |
Overview
Threat sharing in the security industry remains largely ad hoc and informal, full of blind spots, frustration, and pitfalls. Security research tends to be an insular process, and individuals and groups rarely share threat data. The LevelBlue Labs (formerly AT&T Cybersecurity Alien Labs) Open Threat Exchange (OTX™) was built to address this. OTX is among the world's largest open and free threat intelligence communities, with over 200K security and IT professionals worldwide submitting data daily for sharing, researching, and validating the latest threats, trends, and techniques. OTX provides context and details on threats, including threat actors, the organizations and industries targeted, and related indicators of compromise (IoCs). LevelBlue uses its OTX community to automate and accelerate the collection of those IoCs and to feed the resulting intelligence into other security platforms, where it can shorten detection and response times.
OTX was designed to make threat intelligence freely accessible to the larger community and has changed how the intelligence community creates and consumes threat data, helping users automate the extraction of threat intelligence and increase threat detection.
Key Capabilities / Features
OTX helps users automate the extraction of threat intelligence from dozens of file types to create an intelligence feed that can be consumed by any security platform that speaks STIX / TAXII. The platform analyzes suspicious files and URLs by running them through the LevelBlue Labs malware and threat analysis engine, which applies multiple layers of automated checks, analytics, and machine learning (ML). When users contribute threat indicators to OTX, they can also classify, search, and filter data by industry to identify the emerging threats most relevant to their work. OTX adversary pages compile threat information from various sources about specific threat actors and groups, such as APT29 and Lazarus Group. Threat data is also integrated directly into LevelBlue and third-party security services and solutions, so detection content stays current.
Using OTX's extraction tool, users create pulses that automatically pull IoCs from many sources, including websites, blogs, PDF reports, email, PCAP, STIX, OpenIOC, CSV, and plain text files. Importantly, OTX's backend systems, powered by analytics, machine learning, and human analysis from LevelBlue Labs, auto-enrich contributed indicators, adding context such as associated infrastructure and related IoCs.
How we are different
OTX is a SaaS-delivered threat intelligence platform, so users do not need to deploy any infrastructure, and the service scales automatically with demand. That matters when the volume of indicators rises sharply in a changing threat environment.
Most threat intelligence solutions on the market are either private groups that require a high level of technical expertise and continuous contribution to remain a member, or commercial products that are expensive and beyond the reach of many customers. OTX has over 200,000 participants in 140 countries, contributing over 20 million threat indicators daily. Members join for free and subscribe to the most trusted pulses in the community. OTX pulses provide key details about a threat and let security teams pivot between indicators to speed response.
OTX also provides open integration with other security technologies, from open source to commercial products, including direct API connections for the Bro (now Zeek) and Suricata IDSs and a feed following the TAXII specification. Furthermore, OTX provides open SDKs in Java and Python.
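To make the pulse-to-IDS path above concrete, here is an added example (not LevelBlue's code and not the OTX SDK) that takes a pulse in the general shape the OTX API returns and renders it as Suricata rules and a Zeek Intel framework file. The pulse below is constructed, with documentation addresses rather than real IoCs; the field names (`id`, `name`, `tlp`, `indicators[].indicator`, `type`, `is_active`) are assumed to match OTX's JSON. Because OTX is community-contributed, the example refuses any indicator that contains characters that would let it inject rule syntax, and drops inactive indicators rather than trying to repair them.

```python
"""Render an OTX-style pulse as Suricata rules and a Zeek intel file.

Added example, not LevelBlue or OTX SDK code. Field names follow the
shape of the OTX pulse JSON (an assumption); the data is constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed sample pulse. Addresses/domains are documentation values, not real IoCs.
SAMPLE_PULSE = {
    "id": "5f0c0000000000000000abcd",          # assumed OTX pulse id format
    "name": "Example loader campaign",
    "tlp": "green",
    "indicators": [
        {"indicator": "203.0.113.10", "type": "IPv4", "is_active": 1},
        {"indicator": "c2.example.net", "type": "domain", "is_active": 1},
        {"indicator": "http://c2.example.net/gate.php", "type": "URL", "is_active": 1},
        {"indicator": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
         "type": "FileHash-SHA256", "is_active": 1},
        {"indicator": "198.51.100.7", "type": "IPv4", "is_active": 0},   # retired
        {"indicator": 'evil"; sid:1; msg:"x', "type": "domain", "is_active": 1},  # hostile
    ],
}

# Indicator types this example knows how to translate.
KINDS = {"IPv4", "domain", "hostname", "URL", "FileHash-SHA256"}
# Allowlist: no quotes, semicolons, parentheses, spaces or '$', so a malicious
# community submission cannot close a content match and inject rule options.
SAFE_INDICATOR = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:/?=&%+-]{0,511}$")
ZEEK_TYPES = {"IPv4": "Intel::ADDR", "domain": "Intel::DOMAIN", "hostname": "Intel::DOMAIN",
              "URL": "Intel::URL", "FileHash-SHA256": "Intel::FILE_HASH"}


def usable_indicators(pulse):
    """Return (type, value) pairs that are active, of a handled type, and safe
    to embed in rule text. Anything else is dropped, never 'fixed up'."""
    out = []
    for ind in pulse.get("indicators", []):
        kind, value = ind.get("type"), str(ind.get("indicator", ""))
        if not ind.get("is_active", 1):
            continue
        if kind not in KINDS or not SAFE_INDICATOR.match(value):
            continue
        out.append((kind, value))
    return out


def suricata_rules(pulse, sid_base=9000000):
    """One Suricata rule per network indicator, SIDs from a local range (assumed
    free). Hashes are not rules; they go to sha256_list() for the filesha256 keyword."""
    rules, sid, tag = [], sid_base, f"OTX {pulse['id']}"
    for kind, value in usable_indicators(pulse):
        if kind == "IPv4":
            rule = (f'alert ip $HOME_NET any -> {value} any '
                    f'(msg:"{tag} IPv4 {value}"; sid:{sid}; rev:1;)')
        elif kind in ("domain", "hostname"):
            rule = (f'alert dns $HOME_NET any -> any any (msg:"{tag} {kind} {value}"; '
                    f'dns.query; content:"{value}"; nocase; sid:{sid}; rev:1;)')
        elif kind == "URL":
            parts = urlsplit(value)
            if not parts.hostname:
                continue
            path = parts.path or "/"   # query string intentionally not matched
            rule = (f'alert http $HOME_NET any -> any any (msg:"{tag} URL {value}"; '
                    f'http.host; content:"{parts.hostname}"; http.uri; content:"{path}"; '
                    f'sid:{sid}; rev:1;)')
        else:
            continue
        rules.append(rule)
        sid += 1
    return rules


def sha256_list(pulse):
    """Lower-case SHA-256 values for a Suricata filesha256 list file."""
    return [v.lower() for k, v in usable_indicators(pulse) if k == "FileHash-SHA256"]


def zeek_intel(pulse):
    """Zeek Intel framework tab-separated input. Zeek matches Intel::URL
    without the scheme, so it is stripped; tabs/newlines in the description are collapsed."""
    desc = re.sub(r"\s+", " ", pulse.get("name", "")).strip()
    lines = ["#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"]
    for kind, value in usable_indicators(pulse):
        if kind == "URL":
            value = re.sub(r"^[a-z]+://", "", value, flags=re.I)
        lines.append(f"{value}\t{ZEEK_TYPES[kind]}\tOTX:{pulse['id']}\t{desc}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("\n".join(suricata_rules(SAMPLE_PULSE)))
    print("\n".join(sha256_list(SAMPLE_PULSE)))
    print(zeek_intel(SAMPLE_PULSE))
```

With a real deployment the pulse would come from the OTX API or Python SDK rather than the constructed dict, and the SID base and allowlist are the two settings a practitioner should review: the first must not collide with existing local rules, and the second is the only thing standing between a hostile community submission and your rule file.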