NEW YORK--(BUSINESS WIRE)--Comilion, the cyber-security collaboration company, today announced a decentralized and fully automated platform that enables secure and private bidirectional collaboration within and between organizations in tightly-regulated environments. The platform removes governmental, compliance and corporate policy obstacles that currently prevent security collaboration across company, country and industry boundaries. Some of the world’s leading financial institutions are already deploying Comilion to implement closed, self-managed communities to detect and mitigate cyber-threats in real-time on a global scale.
According to Gartner Inc., the ongoing integration and trusted community-based threat intelligence sharing among your disparate security technologies, business partners and other third-party or vertically aligned organizations should be a stated security program goal [for detecting and mitigating advanced persistent threats] [1].
Collaboration is a longstanding practice within the criminal underground. For example, the FBI recently revealed the takedown of “Darkode” - a global collaborative forum used for sharing cybercrime tools. Similar collaboration between organizations remains stymied by security concerns, compliance and technical challenges. Despite these obstacles, companies are recognizing the benefits of community-based security. According to a recent IBM survey, 42 percent of organizations believe collaborating with formal industry-related security groups will increase to 86 percent over the next three to five years.
The Comilion platform is purpose-built to enable and accelerate this process by addressing the roadblocks associated with bi-directional inter-company and multi-jurisdictional security collaboration.
Beyond Threat Feeds: Security Collaboration
To alleviate security and privacy concerns, Comilion is a premises-based platform that uses a completely decentralized peer-to-peer architecture and deploys as a node on existing networks. It integrates with security infrastructures including SIEM systems, intelligence repositories and other security appliances. Comilion constantly identifies and shares threat indicators, malicious activity and critical security-related trends to authorized users to facilitate collaborative threat research and response between internal security groups or peer groups from different companies.
Complete Data Ownership
For complete control over intelligence sharing and to prevent an organization’s data from being exposed to unintended internal or external peers, the Comilion platform uses customizable rules-based distribution policies that enforce data ownership policies using TLP (Traffic Light Protocol). TLP is a set of designations used by US-CERT and others to ensure that sensitive information is only shared with the correct audience. It enables Comilion to provide advanced sharing mechanisms including revoking shared data, timely data exposure, relevancy-based sharing and more.
Automated Regulatory and Privacy Compliance
To prevent data sharing that would violate industry regulations, geo-political legislation and corporate confidentiality policies, Comilion automatically monitors data sharing and enforces pre-defined rules to ensure compliance with all of the above across multiple jurisdictions and vertical markets. Comilion includes pre-built rules for all leading industry mandates including “Privacy by Design” practices, data protection, EU Data Protection Directive, SOX, BASEL III and more.
For iron-clad data privacy and trusted collaboration, Comilion uses a relevancy-based sharing (RBS) model. This proprietary technology enables sharing and exposure of the data to only affected organizations within each collaboration community. By automating the analysis and verification of each shared data item and threat indicator, Comilion ensures information is only exposed to members of a community for whom it is relevant. This methodology guarantees that information privacy is protected at all times.
Professor Omer Tene from Stanford Law School and vice president of the IAPP (International Association for Privacy Protection) says: “Comilion is a good example of privacy by design. By restricting data sharing to the minimum amount necessary, while at the same time deploying state of the art encryption and de-identification technologies, Comilion secures the benefits of data sharing and manages risks to individuals’ privacy rights.”
“Cyber collaboration between or within companies, across industries and with government agencies is at an impasse due to security concerns and technical implementation challenges,” said Kobi Freedman, CEO of Comilion. “Comilion has developed a decentralized, secure and automated infrastructure that enables participants to maintain ownership of their data, avoid regulatory compliance violations and only receive data that is relevant to their environment.”
Availability and Pricing
Comilion is available immediately for top tier enterprises at this stage. Subscription pricing is based on number of users and jurisdictions.
Comilion is making secure, private and regulatory compliant collaboration between or within organizations in sensitive industries and data sharing scenarios possible. Founded in 2013, Comilion is jointly headquartered in Tel Aviv and New York. Led by cyber security experts, Comilion is privately-held and backed by prominent international investment funds, leading cyber security evangelists, and the founders of Checkpoint, Imperva and Trusteer. For more information, visit http://www.comilion.com and follow us @comilion_info.
[1] Gartner, Inc., Best Practices for Detecting and Mitigating Advanced Persistent Threats, 04 May 2015, Lawrence Pingree, Neil MacDonald, Peter Firstbrook