Netskope Cloud Threat Exchange: Enabling real-time sharing of threat intelligence in the cloud

Netskope announced the Cloud Threat Exchange, one of the industry’s first cloud-based solutions for the ingestion, curation, and real-time sharing of threat intelligence across enterprise security enforcement points.

With this announcement, Netskope has made the Cloud Threat Exchange free and open to customers that wish to use the technology to collaborate on sharing indicators of compromise (IOCs).

Any certified partner, vendor, or customer may use Cloud Threat Exchange to automate the delivery and distribution of high-value, actionable threat intelligence, thus reducing the time to protection and eliminating gaps in coverage.

Cloud Threat Exchange is supported by a wide range of members certified by Netskope, which include VMware Carbon Black, CrowdStrike, Cybereason, Mimecast, SentinelOne, and ThreatQuotient. Together, this ecosystem helps mutual customers maximize the benefit of their protections by leveraging threat intelligence across multiple enforcement points.

Historically, there have been multiple barriers to sharing threat intelligence, which made it difficult to implement at scale. For example, vendors might use APIs or data formats that require proprietary tools or plug-ins to commercial products for translation.

In addition, the tools are typically built in a hub-and-spoke manner, making it possible for a single vendor (the hub) to benefit from multiple sources of threat intelligence (spokes), but lacking the ability to set up any other type of threat sharing arrangement.

Cloud Threat Exchange breaks through these limitations by providing a free tool that can be used between any members that wish to exchange threat intelligence. This flexibility allows peers to establish a direct relationship that does not require intermediation by Netskope.

According to Netskope’s August 2020 Cloud and Threat Report, cybercriminals are continuing to use the cloud as an attack vector in new ways, and this has only been exacerbated by the surge in remote working caused by the COVID-19 pandemic.

Between January 1, 2020 and June 30, 2020, cloud malware delivery and cloud phishing were the two most common types of cloud threats, and 63% of malware was delivered over cloud applications. These challenges require multiple defenses with unique capabilities and focus points to share timely threat intelligence.

For example, a threat actor may combine multiple types of attacks including phishing, malware, and data theft. An organization improves its ability to stop such an attack by sharing details of the threats across all of its protections, which is enabled through the use of Cloud Threat Exchange.

Cloud Threat Exchange features include:

  • Facilitates the exchange of threat indicators between vendors, including file hashes, malicious URLs, and DLP file signatures, thus providing customers with fast, up-to-date protection across their security investments.
  • Reduces time between new threat discovery and protection implementation, allowing organizations to keep up with the ever-evolving threat landscape.
  • Establishes full IOC exchange with leading security providers, including endpoint detection and response, threat intelligence, managed detection and response, email security, and ticket management systems. Other vendors are easily added by customers or partners building their own plug-ins.
  • Works with indicators delivered via the STIX/TAXII standards, enabling information sharing for real-time network defense.

“Speeding the delivery and dissemination of threat intelligence is crucial for building a strong cybersecurity program,” said Krishna Narayanaswamy, Co-founder and CTO, Netskope.

“We believe vendors need to make it as easy as possible to automate the exchange of threat indicators and the Cloud Threat Exchange breaks down the silo walls between security disciplines and helps make every organization safer.”

“For security and IT teams, now is the time to refocus defenses as the threat landscape evolves and attacks become more frequent and increasingly sophisticated,” said Tom Corn, Senior Vice President, Security Business Unit, VMware.

“To meet the security demands of transforming organizations and distributed workforces, VMware Carbon Black is going beyond legacy approaches to bring our customers industry leading cloud native endpoint and workload protection with the added power of ecosystems like the Netskope Cloud Threat Exchange.

“We are delivering on a vision for the next-generation SOC with unprecedented visibility and threat intelligence to help our customers better secure endpoints, networks, workloads, and containers.”

“Staying ahead of today’s ever-evolving threat actors is critical and can’t be accomplished without effective security intelligence. Organizations must arm themselves with the right technology and advanced data to ensure that they can quickly detect adversary activity, and thus protect their business’s most valuable assets from being destroyed or stolen,” said Matthew Polly, Vice President of Worldwide Alliances, Channels and Business Development, CrowdStrike.

“CrowdStrike is excited to join this exchange that will provide joint customers the choice to operationalize their IOCs to proactively prevent and respond to all attack vectors to improve their security posture.”
