Tanium Collaborates With Open Source Platform OpenCTI To Enhance Cyber Threat Intelligence Sharing

January 2021 by Marc Jacob

Tanium has announced a collaboration with OpenCTI, an open source platform which specialises in the analysis of cyber threats. The collaboration will allow the integration of Tanium’s behavior-based detection offering, Tanium Signals, with OpenCTI, helping organisations to store, organise and visualise intelligence information in real time. The Tanium-OpenCTI connector is now ready for production use and available to all Tanium customers.

The ability to collect and analyse Cyber Threat Intelligence (CTI) is critical, as cyber teams need to anticipate the next move of attackers and the tools and techniques they are likely to use. With the integration of data provided by OpenCTI, companies using both tools can increase their intelligence and analysis capabilities to anticipate, search for and respond to cyber threats more quickly and effectively.

For security operations center (SOC) teams, using OpenCTI with Tanium enables them to analyse and contextualise data related to signature-based detection (YARA rules, Tanium Signals, etc.), indicators of compromise (examples of phishing emails, IP address lists, etc.), tactics, techniques and procedures (TTPs) and cyber attribution. Organisations will be able to feed the Tanium platform with the latest relevant intelligence data provided by OpenCTI, giving them the ability to aggregate several sources of threat intelligence.

The OpenCTI project is led by the non-profit organisation Luatix, the French National Cybersecurity Agency (ANSSI) and the European Union CSIRT (CERT-EU), with many contributions from European and American organisations. It answers the need for organising cyber threat intelligence sources and enhancing the use of CTI for risk prevention and management. Community-developed connectors for CTI providers support organisations rolling out OpenCTI’s architecture by allowing them to make use of its many threat intelligence sources (both public and private) in their Tanium platform.

With more than 500 large organisations already using OpenCTI worldwide, including several Tanium customers, the platform embodies a community-based approach which is essential to enhancing cybersecurity tools that are integrated within a diverse ecosystem of sources. The creation of the connector between OpenCTI and the Tanium platform also highlights the benefit for organisations in using open and scalable solutions, as opposed to single-use solutions operating in silos. Tanium plans to further develop this collaboration later this year.

“ESG research continually tells us that security teams can’t get enough threat intelligence from their security vendors, with many reporting the use of multiple intelligence sources”, said Dave Gruber, Senior Analyst at ESG. “Security analysts depend on third-party threat intelligence to help detect and analyze threats. However, like other security data pipeline challenges, aggregating, correlating and analysing threat intelligence from multiple sources can be a complicated process. Collaboration between threat intelligence platforms like OpenCTI and Tanium can help overcome this challenge, allowing security teams to get the most out of their intelligence sources while optimising operational processes.”