The speed and nature of cyber attacks on the financial industry has prompted an information sharing network of financial institutions which acts as an early-warning system designed to thwart various forms of attacks.

Soltra, a joint venture of The Depository Trust & Clearing Corporation and The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a cyber-security platform that collects, distills and accelerates the transfer of threat intelligence across financial institutions worldwide.

Over 125 FS-ISAC members and representatives from other critical sectors, government entities and the private sector contributed to the requirements, architecture and design of Soltra’s automation software, the Soltra Edge.

“The reason we build the software is there’s a fundamental economics problem in that cybercrime is very inexpensive to adapt and very costly to defend,” Mark Clancy, CEO of Soltra and chief information security officer at DTCC, told Markets Media. “By sharing information about threats and telling people about what attack infrastructures and methods the criminals are using, we can increase the attackers’ cost, because they have to go out and research new methods and new infrastructures in order to mount attacks.”

Soltra was developed to automate the flow of threat intelligence. Today, most cyber threat information is provided manually to users from various, unconnected industry sources. Because of this, on average, it can take firms seven hours to evaluate each threat.

“Soltra Edge will enable clients to send, receive, and store cyber security threat intelligence in a streamlined and automated format, enabling these firms to deploy safeguards against a potential cyber-attack,” Clancy said.

FS-ISAC has been disseminating information about cyber threats throughout its 14 years of existence, but the information sharing effort began in earnest around 2009.

“We started to share a lot of information among the members about attacks as they were occurring,” Bill Nelson, president of Soltra and president and CEO of FS-ISAC, told Markets Media. “It really took off from the years following that, so it became almost like drinking from a fire hose with so much information that we were sharing.”

Today’s threat intelligence sharing must occur at network speeds, Nelson said. It needs to reduce the workload for security analysts, and be available for all critical sectors in order to share information within each sector and also cross-sector to increase resiliency from cyber threats.

In 2011, FS-ISAC formed a work group on security automation, and DTCC was one of the active participants in that workgroup. “They volunteered to provide some infrastructure around it in terms of the systems that were employed, to start sharing development of repositories of threat indicators and other things,” said Nelson.

Meanwhile, the nature and varieties of threats have escalated.

“If we had this conversation four years ago, we would be talking almost exclusively about criminal threats,” said Clancy. “Criminal threats are still, of course, a significant part of the volume and the intensity of activity, but you also see their emergence of other groups.”

These newer threats, according to Clancy, include ‘hacktivists’, or those groups that are trying to further a political agenda; espionage actors, or those trying to further their nation’s economy or support its military apparatus; and war-like actors, or those who are using destructive means.

Richard Clarke, the former head of homeland security, came up with the acronym CHEW (criminals, hacktivist, espionage and war) to summarize these threats.

“What we find in financial institutions is we each face some mix of all four of those adversaries,” said Clancy. “Retail payments have a different profile than market infrastructures, but we all see some of all four. What we’ve seen in the sharing of threat data is you hear information from institutions about all four of those kinds of threats.”

Featured image via bluebay2014/Dollar Photo Club