Soltra, the cyberthreat information-sharing joint venture set up by financial-sector institutions, has been reprieved after it was bought by security firm NC4.
“Soltra is a tremendous solution, which pioneered the use of automated threat-indicator sharing,” NC4 founder Aubrey Chernick told CyberScoop. The purchase, the terms of which were not disclosed, will offer “great synergies” to the El Segundo, California-based company and “fill a great need for for information sharing at higher speed and in a more structured fashion,” he said.
Soltra’s founders, the Depository Trust and Clearing Corporation and the Financial Services Information and Sharing Analysis Center, had announced earlier this month that they would shutter their pioneering joint venture.
Soltra was the first cybersecurity information-sharing effort to make use of automated machine-to-machine communication through the Structured Threat Information Expression (STIX) and the Automated Exchange of Indicator Information (TAXII) — standardized data formats developed with the support of the Department of Homeland Security that allow organizations to share, machine-to-machine and in realtime, cyberthreat data like IP addresses associated with malware.
The DTCC and FS-ISAC “decided they wanted to find a better home for Soltra,” Chernick said, one with more commercial experience and sales expertise. FS-ISAC is a nonprofit and DTCC is a user-owned market utility.
Soltra’s flagship product — a peer-to-peer automated information-sharing system designed for the financial services sector called Soltra Edge — is currently used by more than 2,800 organizations and governments in 75 countries around the world, the company says.
But despite that, Soltra floundered in it its attempt to commercialize what had been launched as free download, according to people familiar with the effort.
NC4, which historically has offered risk management and physical security solutions to the financial sector and other critical industries, ventured into cyber more than a decade ago when it bought the ESP Group and began to offer its Cyber Threat Exchange, or CTX, product — a cloud-based service with a secure portal for cybersecurity experts to collaborate and share information “human-to-human,” said Chernick.
CTX is currently used by 3,000 organizations representing approximately 16,000 cybersecurity professionals across 30 communities, according to the NC4 website.
“Soltra Edge allows us to extend our offerings into machine-to-machine information-sharing,” said Chernick.
“A great deal of software development has been going on” at Soltra, he said, “We’re very excited.”
He said that the latest version of Soltra Edge, 2.9, would be rolled out before the end of the year — as a paid product with an annual license fee. “We’ll say more about the timing … [and] the price point over the next couple of weeks,” he said.
He said Soltra would continue to offer “value-added services” to users of the the free version, 2.8, but was working on cloud-based solution offerings and other updates next year.
Chernick said he had three immediate priorities:
- Solidify support for existing customers.
- Roll-out Soltra Edge version 2.9 during December and January.
- Have a real discussion about the strategic direction of the company’s cyber offerings.
Chernick said plans for the Soltra workforce had still to be worked out. When Soltra became available, he said, “We had to move fast,” to close the deal.
“Now we need to figure out who we need going forward,” he said. “We don’t have a specific number” of people they want to keep on. “We’re having a lot of conversations [with current and former Soltra staff] to determine where the good fits are … a lot of decisions have to be made very quickly.”