As of this week, the 16,000 users of the Open Source Security Information and Event Management (OSSIM) system will be able to freely share threat data on an open exchange initiated by OSSIM's creator, security firm AlienVault.
The size of this open source user base, combined with the 2,000 customers using AlienVault's off-the-shelf product, will make the new Open Threat Exchange (OTX) the largest community-based alert system of its kind, AlienVault's officials claim.
"Our belief is that this type of information should be more widely available to help fight cybercrime," Richard Kirk, European director of AlienVault, told Computing.
"Other threat intelligence services are often based on data from a single type of security device, are available to only a select set of users, or require a subscription."
The OTX is included as a free opt-in in the latest iteration of OSSIM, released today. It will harvest threat data from all security devices it manages on the network, including firewalls, proxy servers, web servers, anti-virus systems, and intrusion detection and prevention systems. This data is then cleansed, rendered anonymous and sent to AlienVault's researchers.
After the data has been reviewed "to ensure that only the most accurate and actionable intelligence is published," said Kirk, it is published in an open database – the OTX – and made available to other participating OSSIM and AlienVault users to help protect their systems from emerging threats.
The initiative has been welcomed by OSSIM users.
"With the AlienVault OTX, an attack on any part of our network or on any member of the AlienVault community alerts everybody in the community and helps us all respond to threats far more effectively," said Jose Louis Gilperez, director of product development and security innovation at Telefonica Digital.