After months of planning the countryโs first national IT threat service has issued its first threat report to a few early members and is ready to launch a campaign to expand its numbers, including lowering its fee for small businesses.
โWe didnโt want cost to be a barrier to people being able to get in,โ Robert Gordon, executive director of the Canadian Cyber Threat Exchange (CCTX) said Wednesday in explaining why the introductory fee for a small business was cut from $5,000 to $2,000 a year.
โPart of this is to raise cyber resiliency [among Canadian firms] as broad as we can.โ
For the lower fee members will still get threat reports, but wonโt be allowed to download electronic data feeds into their systems. Gordon said it was felt small companies wouldnโt benefit from that service. The exchange will discuss with these companies if there are other services that can be added.
Mid-size businesses can join for $20,000 a year and will be allowed to exchange threat data electronically (when it goes live early next year) and named access to the exchangeโs proprietary knowledge database.
Gordon also said the exchangeโs first monthly report was shown Wednesday at a closed symposium in Toronto for companies that have already signed up or are in the process of becoming paying members. Eventually that report will be issued weekly to members. Also, by the second week in February the exchange will have a portal the sharing of electronic threat data and an online collaboration space for members.
Over time the number of services will be expanded.
Director of the exchange come from some of the countryโs biggest enterprises including Air Canada, Bell Canada, Canadian National Railway, Manulife, Telus, TD Bank and Royal Bank.
While many CISOs and infosec pros already get information from vendors, blogs and some threat data from vendors and services they subscribe to, the not-for-profit CCTX hopes to show value by tailoring reports and threat feeds for Canadian customers who donโt want to know about the latest malware sweeping other parts of the world.
The exchange also differs from other threat intelligence groups set up by industry associations and limited to verticals such as the healthcare or financial sectors by having a broad audience.
The cross-industry appeal of the exchange has drawn the admiration of Rick Howard, chief security office of Palo Alto Networks, who was one of the keynote speakers at Wednesdayโs symposium and who believes the CCTX is the first national threat exchange in the world.
Thatโs โfantastic,โ he said in an interview.
Having at least one person on the IT or security team dedicated to gathering and handling threat intelligence โ even if that person works half time on it โ is vital, Howard said. โThere has to be somebody tracking adversary activityโ in addition to having prevention controls, detection and eradication teams.
โThere has to be a recognition that you canโt do it all yourself,โ he added, โTracking every adversary yourself is really hard to do โฆ So that means you have to share your threat intelligence with everybody who can consume it โ your peers, your competitors, and anybody else out there who can help you.โ
Gordon also announced that EWA Canada will be the exchangeโs managed security service provider, and will provide analytics, The exchange itself also has its own analysts.
After working on the exchange for six months Gordon said โit feels really good,โ to see the first intelligence report (which is aboutย the FastPOS point of sale malware ย and the Mirai botnet behind recent distributed denial of service attacks).ย โI knew it would happen, and itโs always exciting when it actually occurs. Itโs a sign weโre here, weโre going forward โฆ Itโs something companies have talked about for years โ how can the private sector get together and share information, and now its happening.โ
The exchange now has 30 organizations either accepted as members or are in the process of of joining. Gordon said heโd like that number doubled by the end of 2017.