Cloud security vendor Netskope today announced its Cloud Threat Exchange, which allows enterprises to automate threat intelligence from multiple vendors and across security enforcement points.
While its initial partner ecosystem primarily includes endpoint detection and response (EDR) and email security vendors — Carbon Black, CrowdStrike, Cybereason, Mimecast, SentinelOne, and ThreatQuotient — Netskope plans to certify other vendors and integrate additional threat intelligence sources over time, said Krishna Narayanaswamy, Netskope CTO and co-founder.
Still, do we need yet another threat-sharing ecosystem? Narayanaswamy says the short answer is yes, and what Netskope offers with Cloud Threat Exchange is different.
“There are solutions out there, but these solutions tend to come with some baggage,” he explained.
Netskope built out a distributed networking and security architecture with centralized visibility, management, and policy enforcement. It provides secure access service edge (SASE) and cloud security, which is becoming increasingly appealing to enterprises that have newly remote workforces because of the COVID-19 pandemic, Narayanaswamy said.
Meanwhile, its customers also typically invest in EDR tools, which generate threat intelligence data from endpoints. “So, in this world where you’re moving more and more remote, the ability to immediately exchange threat information from the network to the endpoint becomes a focus,” he explained.
How to Connect APIs?
At the same time, a growing number of security platforms expose APIs to enable security automation. However, most of these use APIs or data formats that require proprietary tools or plug-ins to yet another platform.
“We need a good way of connecting these APIs,” Narayanaswamy said. “So what we are announcing with Cloud Threat Exchange is a connection point.” It is free to Netskope customers, and any certified partner, vendor, or customer can use the tool to share threat intelligence and automate its delivery.
For example, Cloud Threat Exchange allows vendors to share threat indicators such as file hashes, malicious URLs, and DLP file signatures, Narayanaswamy said. “We have sent indicators of compromise like file hashes to an EDR like CrowdStrike so that they can take action behind the scenes, and act on it right away,” he explained.
For the customer, this provides faster detection and remediation, and it also helps them get more out of their security investments. “The security community is always strapped for resources, and time, and money,” Narayanaswamy said. “Anything that we can do to extend that reach, not only of our individual solutions but as a collective thing, is positive.”
The exchange also works with indicators delivered via STIX and TAXII specifications, which aim to standardize threat sharing and mitigation.
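The hash-and-URL exchange in STIX form described above, as an added illustration that is not Netskope's or any partner's code: the producer side wraps constructed indicators in a STIX 2.1 bundle (the unit a TAXII collection serves), and the consumer side pulls the literal values back out so an endpoint observation can be checked against them. Function names, the sample hash and the sample URL are my own assumptions, not values from the article.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Matches a single STIX 2.1 comparison pattern of the form [object:path = 'value']
_PATTERN = re.compile(r"^\[(\w+):([\w.'-]+)\s*=\s*'([^']+)'\]$")


def _now() -> str:
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(pattern: str, name: str) -> dict:
    """Producer side: a minimal STIX 2.1 Indicator carrying one comparison pattern."""
    ts = _now()
    return {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
            "created": ts, "modified": ts, "name": name,
            "pattern": pattern, "pattern_type": "stix", "valid_from": ts}


def make_bundle(indicators: list) -> str:
    """Serialise indicators as a STIX 2.1 Bundle, which is what a TAXII collection exchanges."""
    return json.dumps({"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": indicators})


def extract_iocs(bundle_json: str) -> dict:
    """Consumer side: map each indicator's literal value to the STIX object type it describes."""
    iocs = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # malware, relationship and other SDOs carry no pattern to match on
        m = _PATTERN.match(obj["pattern"])
        if m is None:
            continue  # compound patterns (AND / OR / FOLLOWEDBY) are out of scope here
        sco, path, value = m.groups()
        if path.startswith("hashes."):
            value = value.lower()  # hex digests compare case-insensitively; URLs do not
        iocs[value] = sco
    return iocs


def match_observation(iocs: dict, observed: str):
    """Endpoint side: return the object type ('file', 'url') a shared IoC matches, else None."""
    return iocs.get(observed) or iocs.get(observed.lower())


# Constructed sample: the SHA-256 of an empty file and a URL under the reserved .example TLD
SAMPLE_BUNDLE = make_bundle([
    make_indicator("[file:hashes.'SHA-256' = "
                   "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
                   "constructed sample hash"),
    make_indicator("[url:value = 'http://malicious.example/payload']", "constructed sample URL"),
])

if __name__ == "__main__":
    shared = extract_iocs(SAMPLE_BUNDLE)
    print(match_observation(shared, "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"))
```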
What’s Next
Looking ahead, Netskope plans to add plug-ins for other security vendors like those providing security information and event management (SIEM) and managed detection and response (MDR) tools, as well as those outside the security sector, like ticket management systems such as Zendesk and ServiceNow, Narayanaswamy said.
While the Cloud Threat Exchange currently focuses on external threats like malware and spear phishing, the security vendors involved are “equally focused on insider threats as that continues to be a big problem in enterprises,” he added. “EDR vendors, email security vendors, cloud security vendors like Netskope are all expanding the concept of a user risk rating” to combat insider threats, he explained.
So, while each vendor has their own vantage point and system to evaluate risk associated with users, down the road Narayanaswamy envisions the exchange providing “a more 360-degree view of the user.”