* [Blog](https://www.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/) * [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/) * We Can't Do It Alone: Sha... # We Can't Do It Alone: Sharing Threat Intelligence Makes Everyone Safer [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fsharing-threat-intelligence%2F) [](https://twitter.com/share?text=We+Can%E2%80%99t+Do+It+Alone%3A+Sharing+Threat+Intelligence+Makes+Everyone+Safer&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fsharing-threat-intelligence%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fsharing-threat-intelligence%2F&title=We+Can%E2%80%99t+Do+It+Alone%3A+Sharing+Threat+Intelligence+Makes+Everyone+Safer&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2023/06/sharing-threat-intelligence/&ts=markdown) \[\](mailto:?subject=We Can’t Do It Alone: Sharing Threat Intelligence Makes Everyone Safer) Link copied By [Michael Sikorski](https://www.paloaltonetworks.com/blog/author/michael-sikorski/?ts=markdown "Posts by Michael Sikorski") Jun 20, 2023 5 minutes [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [Cyber Threat Alliance](https://www.paloaltonetworks.com/blog/tag/cyber-threat-alliance/?ts=markdown) [threat information sharing](https://www.paloaltonetworks.com/blog/tag/threat-information-sharing/?ts=markdown) [threat intel sharing](https://www.paloaltonetworks.com/blog/tag/threat-intel-sharing/?ts=markdown) [threat intelligence](https://www.paloaltonetworks.com/blog/tag/threat-intelligence/?ts=markdown) [Unit 42](https://www.paloaltonetworks.com/blog/tag/unit-42/?ts=markdown) At Palo Alto Networks and within Unit 42 threat intelligence, we share our findings about threat actor activity regularly with the [Cyber Threat Alliance](https://www.cyberthreatalliance.org/) (CTA) -- an intelligence sharing organization founded in 2014 by Palo Alto Networks alongside several of our competitors. Over the past nearly 10 years, the CTA has grown to include even more cybersecurity vendors. The practice may seem counterintuitive -- in the early days of cybersecurity, part of the edge that set companies apart was having detections others didn't. However, sharing threat intelligence is a vital practice that ultimately makes everyone safer -- and it leaves plenty of room for maintaining a competitive edge. I'm proud to share that I've recently [joined the board of directors of the CTA](https://www.cyberthreatalliance.org/cyber-threat-alliance-announces-new-board-members/), and a key part of what I see as my mission is fostering more sharing of actionable threat intelligence, from within Unit 42, from across the CTA and from new organizations who have yet to join the CTA. Cybersecurity is different from many industries in that we're not simply competing with each other. We're actually trying to stop evil. Threat actors are damaging national security, halting hospital operations, threatening people's livelihoods and more. All of us in the cybersecurity industry share a mission to stop the attacker, and so the days of not collaborating with each other are long gone. The ongoing commitment of Palo Alto Networks to the CTA stems from this knowledge. While public policy changes matter, government alone can't form all the relationships needed to defend against threat actors. The private sector must realize the need and give up the idea of looking bad or good individually, focusing on overall detection across the industry. There's no joy in seeing a competitor suffer a major zero-day that leads to worldwide exploitation. No one company can truly realize their maximum potential without collaborative efforts to reduce the prevalence and impact of global cyberattacks. Of course, we can each set ourselves apart with how we use the threat intelligence we share, offering our customers sophisticated product features and services. ## Threat Intelligence Sharing Success Stories Over the past few years, events such as the attacks on SolarWinds and Colonial Pipeline or the Log4j vulnerability inspired a new emphasis on [operational collaboration](https://www.paloaltonetworks.com/blog/2022/02/cyber-operational-collaboration/). With attackers taking up and putting down infrastructure very quickly these days, both public and private organizations recognize the need to work together so we can move as quickly as possible to make progress against cyberthreats. And specific to the CTA, an early win came in response to the [WannaCry outbreak](https://www.cyberthreatalliance.org/cta-embarks-year-2-enhancing-operational-collaboration/), when within hours, the CTA kicked off an internal collaboration process. This joint effort sped up analysis by 24-48 hours per member, allowing needed protections to be put in place within a key timeframe. Currently, we're seeing a massive benefit of information sharing in Ukraine. I don't believe organizations have ever shared information to this level in the history of cyber -- and the coordination explains [why we haven't seen more harmful impact](https://www.washingtonpost.com/politics/2023/04/25/years-after-discovery-solarwinds-breach-russian-hackers-could-be-struggling/) from cyberattacks, which could have intensified other forms of damage in the region. Closer to home in the U.S., Unit 42 Senior Vice President Wendi Whitmore's participation in the [Cyber Safety Review Board](https://www.cisa.gov/resources-tools/groups/cyber-safety-review-board-csrb) alongside other leaders from government and industry is one example of public and private collaboration. ## The Vision and Sharing Model of the CTA I'm thrilled to be joining the CTA's board because of the organization's focus on fostering sharing between companies that would otherwise compete. I deeply value its vision -- which started as a handshake agreement between two cybersecurity CEOs over a cup of coffee in 2014 -- and am proud to be part of a neutral organization that encourages all companies to work together to make people safer. A big part of what I like about the CTA is the commitment to ensuring that all members participate in sharing. Everyone must share and meet a minimum sharing requirement. The organization doesn't allow free riders or pay-to-play -- you give information in order to receive it. What we do share needs to be actionable, and sharing is done in a structured format that includes contextual information -- increasing the value of what is shared and the ability of members to build real-life protections based on the information. CTA members hold each other accountable as well. If we find a vulnerability in each other's security software, the organization provides a healthy, productive way to coordinate with each other. The sharing platform has evolved over the past seven years, incorporating industry standards like STIX/TAXII, Kill Chain and MITRE ATT\&CK. The [CTA typically shares](https://www.cyberthreatalliance.org/about/our-sharing-model/) "about 11 million observables per month... with an average of three pieces of context per observable." Palo Alto Networks maintains a strong presence across all functions of CTA governance, from the board on down to committees and working groups including Membership, Algorithm and Intelligence, Policy and Standards and others. We continue to walk the walk and spread the word on how an organization like the CTA can be successful and why it matters. ## Get Involved in Coordinating Threat Intelligence There is still work to be done, and we can't do it alone. Please feel free to reach out to me, [Michael Sikorski](https://www.linkedin.com/in/michael-sikorski-408a42190?), for further information on how Palo Alto Networks has benefited from and why we continue to move forward with the CTA mission. If you'd like to join our ranks, the [CTA](https://www.cyberthreatalliance.org/membership/become-a-member/) would love to hear from you! The more we coordinate, the stronger we will become. I envision a future in which we use the force multiplier of thousands of coordinated threat intelligence analysts and cybersecurity professionals to push back the tide of threat actors. *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### More on the PAN-OS CVE-2024-3400](https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [#### The Palo Alto Networks Full-Court Defense for Apache Log4j](https://www.paloaltonetworks.com/blog/2021/12/defense-for-apache-log4j/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [#### Unit 42 Discovers First Known Malware Targeting Windows Containers](https://www.paloaltonetworks.com/blog/2021/06/siloscape-malware-windows-containers/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Unit 42 and Crypsis Combine to Offer Threat Intel, Incident Response](https://www.paloaltonetworks.com/blog/2021/04/threat-intelligence-and-incident-response/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown) [#### The Ransomware Threat: Bigger, Greedier, Attacking the Most Vulnerable](https://www.paloaltonetworks.com/blog/2021/03/ransomware-threat/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown) [#### 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust](https://www.paloaltonetworks.com/blog/2026/01/public-sector-cyber-outlook/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language