* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/)
* The Challenge of Cybersec...

# The Challenge of Cybersecurity Frenemies and Collaboration

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2025%2F08%2Fcybersecurity-frenemies-collaboration%2F)  
[](https://twitter.com/share?text=The+Challenge+of+Cybersecurity+Frenemies+and+Collaboration&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2025%2F08%2Fcybersecurity-frenemies-collaboration%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2025%2F08%2Fcybersecurity-frenemies-collaboration%2F&title=The+Challenge+of+Cybersecurity+Frenemies+and+Collaboration&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2025/08/cybersecurity-frenemies-collaboration/&ts=markdown)  
\[\](mailto:?subject=The Challenge of Cybersecurity Frenemies and Collaboration)  
Link copied  
By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo")  
Aug 20, 2025  
6 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown)  
[Cyber Threat Alliance](https://www.paloaltonetworks.com/blog/tag/cyber-threat-alliance/?ts=markdown)  
[podcast](https://www.paloaltonetworks.com/blog/tag/podcast/?ts=markdown)  
[Threat Vector](https://www.paloaltonetworks.com/blog/tag/threat-vector/?ts=markdown)  
![](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/audio-icon.svg)  
Sikorski Interviews Michael Daniel  
*00:00* *00:00*  
Volume Slider  
10s 10s  
10s 10s  
Seek Slider

The cybersecurity industry faces a peculiar paradox: companies that compete fiercely for customers must collaborate intimately to defend against shared threats. This delicate dance between competition and cooperation creates what Michael Sikorski, CTO and vice president of Engineering at Unit 42, aptly calls a world of "frenemies with benefits."

In a recent [Threat Vector podcast](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-frenemies-with-benefits)conversation, Sikorski explored this dynamic with Michael Daniel, president and CEO of the[Cyber Threat Alliance (CTA)](https://www.cyberthreatalliance.org/). Daniel shared insights from his unique vantage point as both former White House Cybersecurity Coordinator and bridge-builder between competing security vendors. He has spent over eight years proving that collaboration can work, even when millions of dollars in revenue hang in the balance. His perspective reveals why the biggest barriers to effective threat intelligence sharing aren't found in server logs or API endpoints, but in boardrooms and corporate cultures.

## ![Beyond the Code, #6](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/08/cortex_beyond-the-code_ep-6_blog-image_400x300-230x173.jpg)

## **The Moment Everything Clicked**

The first sign that cybersecurity collaboration could transcend competitive instincts came during the 2017 [WannaCry ransomware outbreak](https://www.paloaltonetworks.com/blog/tag/wannacry/). As the malware spread like wildfire across global networks, Daniel assembled competing security vendors on a single call to share what they were seeing. Daniel remembered:

> At the beginning of WannaCry, everybody thought that \[it\] was being spread by an email vector. When we assembled the different CTA members on the call and everybody started saying what they were seeing and nobody was finding an email vector for WannaCry, it was one of those things that you could almost feel it around the room...like, well, wait a minute. If nobody among this set of people is seeing an email vector, maybe there's not an email vector.

That collective realization prompted everyone to look in different directions and ultimately helped the industry understand WannaCry's true worm-like propagation method much sooner than they otherwise might have. It was proof that when competitors pool their visibility, the sum becomes greater than its parts.

## **The Human Barriers to Sharing**

Despite breakthrough moments, like the WannaCry response, meaningful collaboration remains frustratingly elusive across the cybersecurity industry. The barriers, Daniel explains, are far more human than technical.

"Some of it is technical but not very much," he notes. "A lot of the barriers are more cultural. They're more legal. They're both real and perceived barriers. There's concern about where am I actually making my money? Are there liability concerns that we might have some downsides to sharing customer exposure?"

The reality is stark: sharing intelligence typically ranks as someone's fifth or sixth priority, not their primary focus. "When you see it work, it's usually because somebody has made it a priority. An executive somewhere has made it a priority for it to happen. Otherwise too many other things just get in the way."

This cultural resistance extends beyond individual companies to entire government frameworks designed to ensure fairness but often creating bureaucratic paralysis instead.

## **The Government's Impossible Balancing Act**

Having navigated both sides of the public-private divide, Daniel sees fundamental tensions that make collaboration challenging. The federal government operates under constraints that don't exist in the private sector. Constraints designed to prevent favoritism but that often hinder an effective response.

"If you are working with one entity in the private sector, you've gotta work with all of them equally," Daniel explains. "And the truth is that in cybersecurity, not all companies are created equal, and some entities in the ecosystem are more important in certain situations than others."

The result? Government agencies struggle to assemble the most capable response teams quickly because they must include everyone equally. Meanwhile, private companies grow frustrated with bureaucratic processes that seem divorced from operational urgency.

"We need to bring a lot more understanding to the collaborations and have respect for the constraints," Daniel emphasizes. "Every minute that private sector companies are spending working on this thing with the government, they're not making money."

## **The Economics of Sharing**

The key insight that makes the Cyber Threat Alliance work lies in understanding what companies actually compete on versus what they can safely share. Daniel's argument is counterintuitive but compelling: Sharing threat intelligence actually makes companies more competitive, not less.

"Virtually no one really makes their money off of providing threat indicators," he explains. "You don't go to customers and say, here's a bunch of indicators for you: Good luck with that. Instead, what you're really competing on is what you do with the threat intelligence. You are competing on the basis that my technology is better, my customer service is better, my understanding of your industry is better."

When companies share raw threat data, they're raising the competitive bar for everyone, forcing differentiation to occur at higher levels of value creation rather than basic threat awareness. The result benefits both individual companies and the broader ecosystem.

## **Building Trust Through Clear Boundaries**

Trust doesn't emerge from good intentions alone; it requires concrete guardrails and consistent enforcement. The Cyber Threat Alliance has built this trust through ruthlessly clear boundaries about what can and cannot be discussed.

"We have an antitrust compliance statement that we say at the beginning of every meeting," Daniel notes. "One of the things we talk about are threats and what the bad guys are doing. One of the things that we do not talk about are products, prices and anything related to a future roadmap for our members."

These well-defined parameters, provided upfront, give companies confidence to share sensitive information because they know exactly what's in scope and what's off limits. Even more importantly, the alliance enforces these boundaries consistently, treating all members equally and maintaining strict embargo protocols for early threat intelligence sharing.

## **The Path Forward**

As threat actors increasingly leverage AI and automation to accelerate their attacks, the cybersecurity industry faces a choice: Continue competing in silos or evolve toward systematic collaboration. Daniel's experience suggests the latter isn't just possible; it's essential for survival.

"Cybersecurity is not impossible," he emphasizes:

> The truth is that you can actually materially reduce your cybersecurity risk. And there are things that we could do at the systemic level to reduce our cybersecurity risk. As a society, we are not helpless.

The challenge isn't technical infrastructure or threat intelligence formats; it's building the cultural bridges that turn industry frenemies into genuine allies. In a world where attackers collaborate seamlessly across borders and business models, defenders can no longer afford the luxury of going it alone.

#### For deeper insights into the complexities of cybersecurity collaboration and Daniel's vision for the future of threat intelligence sharing, listen to the complete Threat Vector podcast episode, "[Frenemies with Benefits,](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-frenemies-with-benefits)" today!

## [Follow us on your favorite streaming platform](https://lovethepodcast.com/threatvector)

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust](https://www2.paloaltonetworks.com/blog/2026/01/public-sector-cyber-outlook/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown)

[#### 2026 Predictions for Autonomous AI](https://www2.paloaltonetworks.com/blog/2025/11/2026-predictions-for-autonomous-ai/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Interview](https://www.paloaltonetworks.com/blog/category/interview/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Our CIO on Why Security Must Be Built Into AI from Day One](https://www2.paloaltonetworks.com/blog/2025/11/cio-why-security-must-be-built-into-ai/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### Securing the AI Before Times](https://www2.paloaltonetworks.com/blog/2025/08/securing-ai-before-times/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Global Reach --- The New Scale of Chinese Cyberthreats](https://www2.paloaltonetworks.com/blog/2025/06/new-scale-chinese-cyberthreats/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Predictions](https://www.paloaltonetworks.com/blog/category/predictions/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

[#### GenAI's Impact --- Surging Adoption and Rising Risks in 2025](https://www2.paloaltonetworks.com/blog/2025/06/genais-impact-surging-adoption-rising-risks/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language