Computer network threat assessment

US10686805B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10686805-B2
Application number  US-201615373662-A
Country             US
Kind code           B2
Filing date         Dec 9, 2016
Priority date       Dec 11, 2015
Publication date    Jun 16, 2020
Grant date          Jun 16, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.

First claim

Opening claim text (preview; the extract ends partway through claim 10).

What is claimed is:

1. A system, comprising: a memory; and a processor, wherein the memory includes instructions executable by the processor to: receive from client networks respective threat data and store the respective threat data in a security event database; maintain affiliations for groups that associate the groups with subsets of the client networks, wherein the affiliations are generated to affiliate each client network to one or more of the groups according to a respective commonality between client networks in each respective group, wherein the respective commonality indicates that each client network affiliated with a respective group is operated by a client that provides a service common to the respective group or is operated by a client that operates in an industry common to the respective group; process content in the security event database to identify a group by detecting a correlation between the identified group and a network threat that is represented by the respective threat data; identify at least one indicator associated with the network threat; dependent on the affiliations, identify at least one of the client networks in one of the subsets that is associated with the identified group; generate at least one message that conveys an alert to the at least one of the client networks, wherein the at least one message comprises the at least one indicator, wherein the alert is generated in response to a determined increased risk to the identified group, and wherein the determined increased risk is associated with an increased likelihood that an attack is going to occur; responsive to the at least one message, receive, from the at least one identified client network, a report of detected correlation between the at least one indicator and security event data maintained by the at least one identified client network; and update the security event database responsive to the report of detected correlation.

2. The system of claim 1, wherein the memory includes instructions executable by the processor to: decrypt and authenticate the respective threat data by reference to a key database; cryptographically verify, based on the authentication of the respective threat data, that a source from the client networks reporting the respective threat data has been previously registered in a client database; and store the respective threat data in the security event database responsive to the cryptographic verification that the source has been previously registered in the client database.

3. The system of claim 1, wherein the memory includes instructions executable by the processor to: following receipt of threat data from a first one of the client networks which corresponds to a possible network threat, generate a current numerical score associated with the possible network threat; maintain data representing historical scores associated with the possible network threat; perform trend analysis to automatically determine whether the current numerical score represents an increased risk to the identified group relative to the data representing the historical scores, wherein the respective commonality indicates that each client network affiliated with the respective group is operated by the client that provides the service common to the respective group, is operated by the client that operates in the industry common to the respective group, and is located in a geographical location common to the respective group; and generate the at least one message that conveys the alert dependent on whether the trend analysis indicates that the current numerical score represents the increased risk to the identified group.

4. The system of claim 1, wherein the memory includes instructions executable by the processor to: maintain a record associated with the network threat that includes a score representing network impact and a score representing threat likelihood.

5. The system of claim 1, wherein the memory includes instructions executable by the processor to: include, in the at least one message, a firewall rule to mitigate the network threat, the firewall rule to be instantiated on the at least one of the client networks.

6. The system of claim 1, wherein the memory includes instructions executable by the processor to: upon receipt of the report, identify the group from the report; decrypt data from the report using one or more cryptographic credentials in a list of cryptographic credentials corresponding to the identified group; confirm correspondence, with a hash, of the data decrypted using one of cryptographic credentials in the list; authenticate the report based on the confirmed correspondence; and responsive to the report upon the authentication of the report, update the security event database in a manner that associates the report with the identified group.

7. A method comprising: receiving from client networks respective threat data and storing the respective threat data in a security event database; maintain affiliations for groups that associate each group with a respective subset of the client networks, wherein the affiliations are generated to affiliate each client network to one or more of the groups according to a respective commonality between client networks in each respective group, wherein the respective commonality indicates that each client network affiliated with a respective group is operated by a client that provides a service common to the respective group or is operated by a client that operates in an industry common to the respective group; processing content in the security event database to identify a group of the one or more of the groups by detecting a correlation between a network threat and the identified group associated with a subset of the client networks; identifying at least one indicator associated with the network threat; identifying at least one of the client networks that is associated with the identified group and generating at least one message that conveys an alert to the at least one of the client networks, wherein the at least one message comprises the at least one indicator, wherein the alert is generated in response to a determined increased risk to the identified group, and wherein the determined increased risk is associated with an increased likelihood that an attack is going to occur; responsive to the at least one message, receiving, from the at least one of the client networks, a report of detected correlation between the at least one indicator and security event data maintained by the at least one of the client networks; and updating the security event database responsive to the report of detected correlation.

8. The method of claim 7, comprising: maintaining a threat score associated with the network threat; receiving a local score that is based on a search at the at least one of the client networks to detect correlation between the at least one indicator and security event data maintained by the at least one of the client networks; and updating the threat score in dependence on the local score.

9. The method of claim 8, comprising: in dependence on at least one of (i) a difference between the threat score and the local score and (ii) an amount of change in the threat score responsive to the update, transmitting at least one additional message to the at least one of the client networks to convey at least one of (i) an additional indicator, (ii) the updated threat score or (iii) an updated alert.

10. A system, comprising: a memory; a processor; and a network interface, wherein the memory includes instructions executable by the processor to: receive, via the network interface, respective threat data from client networks;
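The abstract and claims 1 through 9 describe one round trip: clients submit authenticated threat data, the hub groups clients by industry, correlates a threat with a group, alerts the members that have not yet reported (indicator plus a firewall rule), receives each member's local correlation score, and updates its threat score before deciding on a follow-up. The following simulation is an added example written for this page, not code from the patent or from ServiceNow. Everything in it is an assumption chosen for illustration: the client registry, an HMAC over the serialized payload standing in for the decrypt-and-authenticate step of claim 2 (claim 6's per-group credential list is not modelled), the correlation rule (an indicator reported by at least THRESHOLD distinct clients of one group), the additive score update, the follow-up rule, and the sample addresses and log lines.

```python
"""Hypothetical simulation of the hub/client workflow claimed in US10686805B2 (added example,
not ServiceNow's code): registry, HMAC source check, correlation rule, scoring and data are assumed."""
import hmac
import json
from collections import defaultdict

THRESHOLD = 2  # assumed: distinct reporters in one group before a threat counts as correlated with it

# Constructed client database: industry affiliation (claim 1) and the key each client
# registered with the hub, standing in for claim 2's key and client databases.
CLIENTS = {
    "bank-a":   {"groups": {"finance"},    "key": b"key-bank-a"},
    "bank-b":   {"groups": {"finance"},    "key": b"key-bank-b"},
    "bank-c":   {"groups": {"finance"},    "key": b"key-bank-c"},
    "clinic-x": {"groups": {"healthcare"}, "key": b"key-clinic-x"},
}

def sign(client, payload, key=None):
    """Client side: serialize the payload and authenticate it with the client's registered key."""
    body = json.dumps(payload, sort_keys=True).encode()
    key = CLIENTS[client]["key"] if key is None else key
    return {"client": client, "body": body, "mac": hmac.new(key, body, "sha256").hexdigest()}

def verify(msg):
    """Hub side (claim 2): return the payload only if the source is registered and its MAC checks out."""
    rec = CLIENTS.get(msg["client"])
    if rec is None:
        return None
    expected = hmac.new(rec["key"], msg["body"], "sha256").hexdigest()
    return json.loads(msg["body"]) if hmac.compare_digest(expected, msg["mac"]) else None

class Hub:
    def __init__(self):
        self.events = []                  # security event database
        self.history = defaultdict(list)  # (group, indicator) -> historical scores (claim 3)
        self.threat_score = {}            # (group, indicator) -> current score (claims 4, 8)

    def ingest(self, msg):
        data = verify(msg)
        if data is None:
            return False                  # unregistered source or tampered data: never stored
        self.events.append({"client": msg["client"], **data})
        return True

    def assess(self):
        """Claims 1, 3, 5: correlate threats with groups, trend-check the score, alert the rest of the group."""
        reporters = defaultdict(set)
        for e in self.events:
            for g in CLIENTS[e["client"]]["groups"]:
                reporters[g, e["indicator"]].add(e["client"])
        alerts = []
        for (group, indicator), who in reporters.items():
            score = len(who)              # assumed likelihood score: number of distinct reporting clients
            past = self.history[group, indicator]
            rising = score >= THRESHOLD and (not past or score > max(past))  # trend analysis
            past.append(score)
            self.threat_score[group, indicator] = score
            if rising:
                targets = sorted(c for c, r in CLIENTS.items() if group in r["groups"] and c not in who)
                alerts.append({"group": group, "indicator": indicator, "score": score, "to": targets,
                               "firewall_rule": f"deny from {indicator}"})  # mitigation shipped with the alert
        return alerts

    def receive_report(self, msg):
        """Claims 8, 9: authenticate the report, fold the local score in, decide whether to follow up."""
        rep = verify(msg)
        if rep is None:
            return None
        key = (rep["group"], rep["indicator"])
        old, new = self.threat_score[key], self.threat_score[key] + rep["local_score"]  # assumed update rule
        self.threat_score[key] = new
        self.history[key].append(new)
        self.events.append({"client": msg["client"], "indicator": rep["indicator"], "local_score": rep["local_score"]})
        # assumed follow-up rule: any change in the threat score earns the client an updated-score message
        return {"to": msg["client"], "indicator": rep["indicator"], "updated_score": new} if new != old else None

def client_search(client, alert, local_events):
    """Client side: search local security event data for the indicator and report a signed local score."""
    matches = [e for e in local_events if e["dst"] == alert["indicator"]]
    return sign(client, {"group": alert["group"], "indicator": alert["indicator"], "local_score": len(matches)})

def run_scenario():
    hub = Hub()
    accepted = [  # constructed threat data: two finance clients report the same destination address
        hub.ingest(sign("bank-a", {"indicator": "203.0.113.7"})),
        hub.ingest(sign("bank-b", {"indicator": "203.0.113.7"})),
        hub.ingest(sign("clinic-x", {"indicator": "198.51.100.9"})),
        hub.ingest(sign("bank-c", {"indicator": "203.0.113.7"}, key=b"wrong-key")),  # bad MAC: rejected
        hub.ingest({"client": "ghost", "body": b"{}", "mac": "00"}),                  # unregistered: rejected
    ]
    alerts = hub.assess()
    bank_c_logs = [{"dst": "203.0.113.7"}, {"dst": "203.0.113.7"}, {"dst": "192.0.2.1"}]  # constructed
    followups = [hub.receive_report(client_search("bank-c", a, bank_c_logs)) for a in alerts]
    scores = {f"{g}:{i}": s for (g, i), s in hub.threat_score.items()}
    return accepted, alerts, followups, scores

if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=1))
```

Running the scenario shows the behaviour the claims spell out: the two submissions from the finance clients are correlated with the finance group, the healthcare report stays below threshold, the tampered and unregistered submissions never reach the security event database, bank-c is the only client alerted, and its local score of 2 raises the hub's threat score from 2 to 4, which triggers the updated-score message of claim 9. Note that the keyed-MAC check only addresses the "previously registered source" requirement of claim 2; a production hub would also need replay protection (a nonce or timestamp in the signed body) and the per-group credential handling of claim 6, neither of which the patent text on this page specifies in enough detail to reproduce.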

Assignees

ServiceNow Inc

Inventors

Classifications

  • H04L63/14 (primary) · for detecting or protecting against malicious traffic · CPC title

  • Updating · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Vulnerability analysis · CPC title

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10686805B2 cover?
Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated w…
Who is the assignee on this patent?
ServiceNow Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/14 (transmission of digital information: detecting or protecting against malicious traffic). Mapped technology areas include Electricity, the IPC/CPC section H to which H04L belongs.
When was this patent published?
Publication date Jun 16, 2020 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).