Systems and methods for detecting security threats based on user profiles
US-9401925-B1 · Jul 26, 2016 · US
US11539720B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11539720-B2 |
| Application number | US-202016902193-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 15, 2020 |
| Priority date | Dec 11, 2015 |
| Publication date | Dec 27, 2022 |
| Grant date | Dec 27, 2022 |
Official abstract text for this publication.
Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.
Opening claim text (preview).
What is claimed is:

1. A system, comprising: a processor; and a memory, wherein the memory includes instructions executable by the processor to cause the processor to: associate a subset of a plurality of client networks of respective companies of a plurality of companies into a group using an affiliation, wherein the affiliation associates each client network of the subset of the plurality of client networks into the group according to a commonality, and wherein the commonality indicates that each client network of the group is operated by a respective client that operates in an industry common to the group across the plurality of companies; identify at least one indicator that indicates a presence of a network threat, wherein the network threat is associated with threat data stored in a security event database; determine that there is an increased risk to the group associated with an increased likelihood that an attack is going to occur based at least in part on the commonality and the at least one indicator; in response to determining the increased risk to the group, modify a message to be transmitted to a first client network of the group to remove an identity of a second client network of the group from the message, wherein the message comprises instructions for the first client network to search for the at least one indicator; transmit the message to the first client network; in response to transmitting the message to the first client network, receive a report from the first client network, wherein the report comprises a detected correlation between the at least one indicator and security event data maintained by the first client network; and update the threat data stored in the security event database in response to receiving the report.

2. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the processor to: receive the threat data from the plurality of client networks; and identify the group at least in part by detecting a correlation between the group and the network threat represented by the threat data.

3. The system of claim 2, wherein the memory includes instructions executable by the processor to cause the processor to: in response to receiving the threat data, generate a current numerical score associated with the network threat; determine that the current numerical score is greater than a previous numerical score, wherein the previous numerical score is associated with the network threat and the group; and in response to determining that the current numerical score is greater than the previous numerical score, determine the increased risk to the group.

4. The system of claim 2, wherein the memory includes instructions executable by the processor to cause the processor to: decrypt and authenticate the threat data; verify that a respective client network of the plurality of client networks reporting the threat data was previously registered in a client database, wherein the verification is a cryptographic verification based on the authentication of the threat data; and in response to verifying that the respective client network was previously registered in the client database, store the threat data in the security event database.

5. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the processor to: include, in the message, a firewall rule configured to mitigate the network threat, wherein the firewall rule is configured to be instantiated on at least one of the plurality of client networks.

6. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the processor to: decrypt data from the report using one or more cryptographic credentials in a list of cryptographic credentials corresponding to the group; confirm correspondence of the data decrypted using the one or more cryptographic credentials in the list of cryptographic credentials; authenticate the report based on the confirmed correspondence; and in response to the authentication of the report, update the security event database to associate the report with the group.

7. The system of claim 1, wherein the memory includes instructions executable by the processor to cause the processor to: receive the threat data from a respective client network of the plurality of client networks; identify the group from a plurality of groups based at least in part on a correlation between the group and the network threat represented by the threat data; and in response to detecting the correlation, update a threat score corresponding to the network threat.

8. The system of claim 7, wherein the memory includes instructions executable by the processor to cause the processor to determine to transmit the message to the first client network of the subset of the plurality of client networks of the group based at least in part on a match between a first cryptographic hash corresponding to the respective client network and between a second cryptographic hash corresponding to the first client network.

9. The system of claim 8, wherein the first client network is associated with a client specific rule indicating a threshold value, and wherein an additional client network is associated with an additional client specific rule configured to indicate a different threshold value than the threshold value.

10. The system of claim 1, wherein determining that there is the increased risk to the group comprises determining a static correlation of the threat data with other data stored in the security event database, determining an increasing threat trend associated with the group, determining a decreasing threat trend associated with the group, or any combination thereof.

11. The system of claim 1, wherein the processor transmits the message in response to determining the increased risk to the group and in response to accessing a client specific rule that indicates the first client network requested to be alerted for scores greater than a threshold value, and wherein the increased risk is quantified using a first score, and wherein the first score is greater than the threshold value.

12. A method, comprising: maintaining affiliations for groups, wherein each group associates a respective subset of a plurality of client networks of respective companies of a plurality of companies using a respective affiliation, wherein the affiliations are generated to affiliate each client network of the respective subset of the plurality of client networks to one of the groups according to a respective commonality between client networks in each respective group, and wherein the respective commonality indicates that each client network affiliated with the respective group is operated by a respective client that operates in an industry common to the respective group; identifying a group of the groups; identifying at least one indicator that indicates a presence of a network threat, wherein the network threat is associated with threat data stored in a security event database; generating a message that comprises instructions for a first client network of the identified group to search for the at least one indicator, wherein the message is generated in response to a determined increased risk to the identified group, and wherein the determined increased risk is associated with an increased likelihood that an attack is going to occur based at least in part on the respective commonality and the at least one indicator; modifying the message to remove an identity of a second client network of the identified group from the message; transmitting the message to the first client networ
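The abstract and claims 1, 3, 9 and 11 describe one alerting loop: clients report threat data, the server groups clients by industry, a rising group score triggers a message carrying the indicator but not the reporting client's identity, each client's own threshold rule gates delivery, and the client's correlation report is written back to the database. The following Python is an added illustration of that loop and is not the patent's or any assignee's code; the client registry, thresholds, score values and log lines are constructed, and the cryptographic verification of claims 4, 6 and 8 is omitted.

```python
from dataclasses import dataclass, field

# Constructed sample registry of client networks: the "commonality" used for
# group affiliation is the industry, and each client has its own alert threshold
# (the client specific rule of claims 9 and 11).
CLIENTS = {
    "acme-bank":    {"industry": "finance",    "alert_threshold": 5},
    "beta-credit":  {"industry": "finance",    "alert_threshold": 8},
    "gamma-health": {"industry": "healthcare", "alert_threshold": 5},
}

@dataclass
class ThreatDB:
    """Minimal stand-in for the security event database."""
    scores: dict = field(default_factory=dict)   # (indicator, industry) -> last score
    reports: list = field(default_factory=list)  # correlation reports from clients

def groups_by_industry(clients):
    """Affiliate client networks into groups by their shared industry."""
    groups = {}
    for name, meta in clients.items():
        groups.setdefault(meta["industry"], []).append(name)
    return groups

def build_alerts(db, reporter, indicator, score, clients=CLIENTS):
    """Store the reported score and, only if it exceeds the previous score for
    the reporter's group (claim 3), generate messages for the other members.
    The reporter's identity is removed: the message names the indicator and the
    group, never the second client network. Each recipient's threshold applies."""
    industry = clients[reporter]["industry"]
    key = (indicator, industry)
    previous = db.scores.get(key, 0)
    db.scores[key] = score
    if score <= previous:                      # no increased risk to the group
        return []
    messages = []
    for client in groups_by_industry(clients)[industry]:
        if client != reporter and score > clients[client]["alert_threshold"]:
            messages.append({"to": client, "search_for": indicator,
                             "score": score, "source": "group:" + industry})
    return messages

def handle_report(db, client, indicator, local_events):
    """Client side: search local security events for the indicator; the server
    then records the detected correlation in the database (claim 1)."""
    hits = [event for event in local_events if indicator in event]
    if hits:
        db.reports.append({"client": client, "indicator": indicator, "hits": len(hits)})
    return len(hits)
```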
CPC classification titles:

- for managing network security; network security policies in general (filtering policies H04L63/0227)
- Updating
- Vulnerability analysis
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)