Several cybersecurity companies specializing in
industrial control systems (ICS) and other operational technology
(OT) have teamed up to create an open source information sharing
platform that is designed to serve as an early warning system for
critical infrastructure.
The new project, named ETHOS (Emerging
THreat Open Sharing), is a vendor-agnostic technology platform for
sharing threat information anonymously and in real time across
various industries.
The shared information includes indicators of compromise (IoCs)
such as IP addresses, hashes, and domains, which can be useful to
defenders for detecting new threats.
“A real-time, open-source solution that functions almost like a
hotline to correlate information from multiple security vendors to
identify anomalous behaviors is the most feasible concept for
reducing threat actor dwell time and discovering incidents during
the reconnaissance phase of potential attacks,” the project’s
initiators explained. “The goal for ETHOS is to uncover emerging
threats for which there is no threat intelligence available.”
ETHOS currently has a beta API that provides data sharing
functionality, and a server is in development.
Organizations participating in the project can act as clients
and/or host their own server to compare the information that is
shared. ETHOS founding members pointed out that the project is not
a shared proprietary threat intelligence feed and its goal is to
complement existing information sharing platforms.
ETHOS is designed specifically for OT/ICS, but the API can be
used by any type of cybersecurity solution.
Founding ETHOS members include 1898 & Co., ABS Group, Claroty,
Dragos, Forescout, NetRise, Network Perception, Nozomi Networks,
Schneider Electric, Tenable, and Waterfall Security.
