Governance & Risk Management , Information Sharing , Training & Security Leadership
Plug Pulled on Soltra Edge Threat Info Sharing PlatformFS-ISAC Doesn't Specify Why It's Automated Service Is Being Discontinued
Just two years after its launch, Soltra Edge, the automated threat-intelligence sharing platform, is being taken off the market. The Financial Services Information Sharing and Analysis Center and the private firm The Depository Trust and Clearing Corp., which partnered to introduce the platform, announced on Nov. 15 that Soltra Edge will no longer be supported or available for renewal after March 31, 2017.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
"While the decision to close the business was not easy, DTCC, as a user-owned and governed market utility, and FS-ISAC, as a member-driven, non-profit organization, must regularly review our product offerings to ensure we remain in alignment with our mission to address the financial industry's most critical challenges while carefully managing our expense base," the two organizations note in a customer letter posted to the Soltra website.
"We understand the decision to close the business may impact your usage of Soltra Edge," the letter continues. "The FS-ISAC Threat Intelligence Repository uses the Soltra Edge software, and as a result, FS-ISAC will begin to look at alternatives to replace its instance of Soltra Edge after the March 31 sunset date. FS-ISAC will, however, continue to support the Threat Intelligence Repository under Soltra Edge in the interim."
The FS-ISAC and DTCC say they will be exploring options to make Soltra Edge available as open-source software.
Neither the FS-ISAC nor DTCC responded to Information Security Media Group's request for comment about their decision.
Lack of Adoption
Several cybersecurity experts say Soltra Edge was never widely adopted by financial institutions and likely is being discontinued because it hasn't been profitable.
"It's got to be financial," says David Shroyer, managing director of information and cybersecurity at Queen Associates, an IT consultancy and staffing agency. "I think it's a lack of adoption."
Shroyer, a former bank CISO, says Soltra Edge was not used by all of the country's top banks, and if penetration was low at community and regional institutions as well, that might have led to the decision to pull the plug.
"Part of Soltra was free; but the more advanced version was not. ... Not all the top 50 [banks] have adopted it, instead relying on the different groups, relationships and email lists to provide cyber intelligence," Shroyer adds.
Financial fraud expert Avivah Litan, an analyst at the consultancy Gartner, says discontinuing Soltra Edge was a business decision. "Too bad it failed," she adds. "It was a really good service."
In addition to the banking sector, Soltra Edge is also used in other industries, including retail and healthcare.
Despite Changes, Utilization Weak
The Soltra Edge model and support system changed quite a bit over the last year, says Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center, which works closely with the FS-ISAC to share cross-industry threat intelligence. "But utilization of automated indicator sharing hasn't been extremely high, from what I understand," he says.
Instead, many organizations continue to rely on manual information sharing facilitated through email exchanges and message boards - services the FS-ISAC and other ISACs also provide and support, Engle adds.
"Automated indicator sharing is really only a part of the equation," Engle says. "So much of the valued sharing that is taking place is done within other methods that include deep analysis, contextual exchanges of information beyond raw indicators and collaborative conversations that include not only indicators, but also insights into techniques and effective solutions. The need for automated platforms will continue, and we'll have to see how innovators in the space step in to fill the gap that Soltra's departure will create."
Denise Anderson, president of the National Health Information Sharing and Analysis Center, says that while the news of Soltra Edge's retirement is "disappointing," information sharing within the healthcare space won't be significantly crippled or stunted by its demise.
"As one of the initial supporters and users of Soltra Edge, NH-ISAC is deeply disappointed in the announcement this week, as well as the way it was handled," she says. "That being said, the announcement should have relatively little impact on our members' abilities to share in machine-to-machine fashion. NH-ISAC currently runs its own instance of Soltra; we were already engaged in strategies to enhance automated sharing within the HPH [health/public health] sector."
Cybersecurity attorney Chris Pierson, general counsel and CISO of invoicing and payments provider Viewpost, says Soltra Edge's departure from the market will open doors for new companies and platforms to step in. "There are a number of companies that can move into this opportunity and use the same sharing formats to provide the necessary information sharing backbone," he says. "I think this provides a few companies with a very nice business opportunity and opening to an audience that has already shown great product-market fit for these tools."
Use of Automated Threat-Intelligence Sharing
Soltra Edge has been downloaded more than 11,000 times and used by nearly 3,000 organizations in nearly 80 countries, according to the Nov. 15 statement from FS-ISAC and DTCC. But the statement does not address what percentage of those downloads were for the free, basic-license version of Soltra Edge versus the more advanced version, which requires payment.
Martin Voorzanger, spokesman for automated threat-intelligence platform provider EclecticIQ, a Soltra Edge competitor, claims most Soltra users relied on the free version of the platform.
"We would be the first to step up, when FS-ISAC and DTCC open-source the product, to offer support," he adds.
FS-ISAC will need to find a replacement for Soltra Edge to ensure that its Threat Intelligence Repository continues to operate. And Shroyer says banking institutions and organizations that have relied on Soltra Edge will have to replace their software, too. "Without a capable replacement for Soltra Edge, it will leave a gap for threat-intelligence sharing," he says. "Banks will have to go to another company."
STIX and TAXII Will Survive
Soltra Edge helped to propel automated information sharing through the use of open-source standards, such as the Structured Threat Information eXpression, or STIX, and the Trusted Automated eXchange of Indicator Information, or TAXII.
STIX is a uniform format for threat information; TAXII is a protocol for routing threat information.
The use of STIX and TAXII will continue, even without Soltra Edge, says Shroyer of Queen Associates. "The framework that STIX/TAXII provides should continue, as it is a solid method for exchanging information," he says. "What tool is adopted across the board will be interesting. I think it will depend on how valuable the users see the software being, and how well it ensures integration into new systems surrounding the space."
(Executive Editor Marianne Kolbasuk McGee contributed to this story).