The Cyber Threat Alliance (CTA) said on Tuesday it has appointed Michael Daniel as its first organization president, adding that it has formally incorporated as a not-for-profit entity and has expanded to six founding member companies.

The CTA was initially founded in 2014 by Fortinet [FTNT] and Palo Alto Networks as a consortium to drive a coordinated industry effort against cyber crime and criminals through deep collaboration on threat intelligence and sharing preventative measures. Later that year McAfee, now Intel Security [INTC], and Symantec [SYMC] joined as co-founders.

Cyber Threat Alliance logo

Now CTA has added Check Point Software Technologies Ltd. [CHKP] and Cisco [CSCO] as the final founding members. Since that initial founding, the organization has transformed into an independent organization where the CEOs and senior leaderships of the founding members make up the board of directors.

Michael Daniel was special assistant to the President and cybersecurity coordinator at the White House during the second half of the Obama administration.

After its founding, the CTA has regularly shared information on botnets, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs) and advanced malware samples.

The alliance highlighted that its members cooperatively cracked the code of CryptoWall version 3, a global ransomware attack that ransomed over $325 million. CTA said this pushed criminals to develop version 4, which the group also uncovered, leading to it being a much less successful attack.

“These coordinated efforts demonstrate that all Members of the CTA believe in protecting the common good of the Internet by sharing intelligence to combat sophisticated global cyberattacks. By bringing together industry competitors contributing their unique threat insights, the CTA builds a comprehensive view of important threat actors,” CTA said in a statement.

The cooperative efforts have resulted in a new CTA automated threat intelligence sharing platform to help share actionable threat data in near-real-time. The platform “better organizes and structures threat information into Adversary Playbooks, pulling everything related to a specific attack campaign together in one place to increase the contextual value, quality and usability of the data,” CTA said.

“The CTA becoming a standalone organization signifies that the cybersecurity industry holds a collective responsibility to work together to prevent advanced, global cyber attacks by sharing meaningful threat findings. The best way to combat the negative impact of cybercriminals and best protect our customers is through cooperation and partnership based on actionable intelligence from diverse sources,” Ken Xie, founder and chairman of the board of CTA and CEO of Fortinet, said in a statement.

In order to use the platform, members must automate their intelligence sharing contributions, meet minimum contributions daily, and rewards contextualized/unique intelligence. CTA said that members will later be awarded greater levels of access based on the value and volume of information they contribute.

CTA also added affiliate members IntSights, Rapid7 and RSA. These members join earlier affiliates Barracuda Networks, Inc.; ReversingLabs; Telefónica; Zscaler; and Eleven Paths.

“Our greatest weapon in the defense against cyber attackers is the vast power of our combined data and insights. Possessing one of the world’s largest pools of threat data carries significant responsibility, and the CTA provides us with an important coordinating mechanism to enable rapid sharing of that threat intelligence with global businesses,” Greg Clark, CEO of Symantec, commented.