Cyber Threat Alliance, Threat Sharing Model

Additional Info

Company: Cyber Threat Alliance (CTA)
Website: https://www.cyberthreatalliance.org/
Company size (employees): 1 to 9
Headquarters Region: North America

Overview

Through the Cyber Threat Alliance’s unique platform, member companies and organizations share timely, actionable, and contextualized cyber intelligence. These insights can be used to improve their products and services to better protect their customers, more systematically thwart adversaries, and improve the security of the entire digital ecosystem.

CTA’s platform is efficient and rapidly updateable, and it can adapt to track novel threats as they emerge. It is designed to share actionable threat intelligence that satisfies the security needs of CTA’s members and the industry at large.

The platform is housed in the cloud and was developed using open-source technologies and tools to ensure that security solutions are vendor-agnostic to the greatest extent possible.

CTA’s unique platform applies a scoring algorithm to all shared intelligence. The algorithm rewards timeliness and context, and points are awarded based on the desirability of that data among CTA’s members.

As the Cyber Threat Alliance evolves, so will the platform, as member engagement through CTA’s “Platform and Algorithm & Intelligence Committees” helps expand, mature, and update our process based on the ever-shifting threat landscape.

In addition to sharing threat information through our platform, CTA members share blogs, general research findings, and analysis through our Early Sharing Program ahead of general publication. Typically, members receive 3-5 early shares per week.

Key Capabilities / Features

Members Upload Information Directly To The Platform:
Member companies upload threat information packages of linked intelligence to the CTA platform. The model requires all packages to contain at least one observable threat with certain accompanying context. Context is organized around the MITRE ATT&CK framework.


CTA’s use of the “STIX 2.1” submission format enables easier sharing and improved readability of indicator and context data, empowering the organization’s members in their efforts to disrupt hostile actors and better protect their customers.


The Information Sharing Platform’s Algorithm Scores Each Submission:
Each threat information package that is submitted to the platform is assigned a total point value at the time of submission and is correlated with other members’ submissions for mutual validation. Packages are attributed to the submitting member, but the affected entity’s data remains anonymous. Members can also earn points by validating observable threats previously submitted by other members while including new or additional context. CTA’s scoring system is intended to emphasize the submission of information that is most valued by our members.


Members’ Ability To Extract Data From The Platform:
Members can set filters to access specific submissions from other members. Available filters include the submitting member company, the threat actor’s name, and the submission date. On average, members share over 10 million observables each month.


How we are different

Fostering collaboration between competitors:
CTA was born from the realization that sharing threat information across cybersecurity competitors is essential to maintaining security in an increasingly complex threat environment. Since its founding in 2017 by Fortinet, McAfee, Palo Alto Networks, and Symantec, the organization has transformed the cybersecurity industry by fostering collaboration between chief competitors in what is the industry’s first-ever formally established group of its kind.


Early sharing for stronger cybersecurity defense:
CTA’s unique early sharing initiative allows members to share critical defensive information in the form of blog posts and research findings with one another through CTA in advance of public release. Critically, it allows members to undertake defensive preparation of new, sensitive information ahead of time, rather than leaving them scrambling to protect customers after reports are made public, contributing to a higher overall level of protection across the industry.


Adapting to a Generative AI world:
Due to the rapid emergence of generative AI tools in cybersecurity, we can expect to see a higher volume of more customized attacks. CTA is an industry leader in analyzing how to adapt to these changes. In addition to publishing a Joint Analytic Report (JAR) providing analysis of how malicious actors are leveraging Gen-AI for AI-assisted cyber threats, CTA’s members harness artificial intelligence and machine learning to prevent, detect, and respond to emerging cyber threats with unprecedented agility.

