The scenario is sad and all too common: the Bad Guys — state actors, criminal gangs, script-kiddies — launch an attack, make off with a bundle, and afterwards repeat the attack dozens, maybe hundreds of times. How does that happen?
It happens because the Good Guys aren't communicating the details of the threat and the actions needed to defeat it. A guy in a NOC might call his buddy and warn him, or tell his security vendor to update their profiles, but that's about it.
I spoke to Bret Jordan of Symantec, editor of the STIX spec and co-chair for TAXII, about how STIX and TAXII aim to change that. They're two standards whose development is supported by the major security industry players, including IBM, HPE, Cisco, and Dell, large financial institutions, and the US government, including the Department of Defense and the NSA.
What is STIX?
Structured Threat Information eXpression is an edge-and-node based graph data model. The nodes are STIX Domain Objects (SDO) and the edges are STIX Relationship Objects (SRO).
The SDOs represent information such as:
- Attack Pattern
- Observed Data
- Threat Actor
The SROs — the edges — are meant to connect SDOs so that, over time, users will be able to develop in-depth knowledge of threat actors and their techniques. STIX v2 will be out before the end of the year, and vendors are already working to support it based on draft versions.
What is TAXII?
From the TAXII GitHub site, TAXII (Trusted Automated eXchange of Indicator Information) looks
. . . to define the trusted, automated exchange of cyber threat information. TAXII defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries for the detection, prevention, and mitigation of cyber threats.
STIX is the actual threat information. TAXII is the protocol to communicate it.
Users and security vendors will participate in giving life to the specifications. Users will be able to pass anonymized data to their security vendors, and the vendors will be able to quickly share threat data. You'll still buy security services, but those services will be much more effective as part of a community sharing threat and defense data in real time.
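To make the node-and-edge model concrete, here is an added example (not code from the article, Symantec or OASIS) that builds a small STIX 2.0 bundle in the draft JSON format, indexes its SDOs as nodes and its SROs as edges, refuses bundles with missing common properties or dangling references, and pivots from a threat actor to the attack pattern and indicator linked to it. All ids, names and the indicator pattern are constructed placeholders.

```python
import json
from collections import defaultdict
# Constructed sample data (not real intelligence): ids and timestamps are placeholders.
TS = "2017-01-01T00:00:00.000Z"
ACTOR = "threat-actor--11111111-1111-4111-8111-111111111111"
PATTERN = "attack-pattern--22222222-2222-4222-8222-222222222222"
INDICATOR = "indicator--33333333-3333-4333-8333-333333333333"
def obj(stix_type, ident, **props):
    # Every STIX 2.0 object carries these common properties in addition to its own
    return {"type": stix_type, "id": ident, "created": TS, "modified": TS, **props}
# One actor, one attack pattern and one indicator (the nodes), joined by two SROs (the edges)
BUNDLE = json.dumps({"type": "bundle", "id": "bundle--44444444-4444-4444-8444-444444444444",
    "spec_version": "2.0", "objects": [
        obj("threat-actor", ACTOR, name="Example Crew", labels=["crime-syndicate"]),
        obj("attack-pattern", PATTERN, name="Spear phishing attachment"),
        obj("indicator", INDICATOR, labels=["malicious-activity"], valid_from=TS,
            pattern="[domain-name:value = 'placeholder.example']"),
        obj("relationship", "relationship--55555555-5555-4555-8555-555555555555",
            relationship_type="uses", source_ref=ACTOR, target_ref=PATTERN),
        obj("relationship", "relationship--66666666-6666-4666-8666-666666666666",
            relationship_type="indicates", source_ref=INDICATOR, target_ref=PATTERN),
    ]})
def load_graph(bundle_json):
    """Index a bundle as nodes (SDOs by id) and edges (SROs, walked both ways); reject malformed input."""
    bundle = json.loads(bundle_json)
    nodes, edges = {}, defaultdict(list)
    for o in bundle["objects"]:
        if not all(k in o for k in ("type", "id", "created", "modified")):
            raise ValueError(f"{o.get('id', '?')} lacks a required common property")
        if o["type"] != "relationship":
            nodes[o["id"]] = o
    for o in bundle["objects"]:
        if o["type"] == "relationship":
            src, dst = o["source_ref"], o["target_ref"]
            if src not in nodes or dst not in nodes:  # dangling reference from a partial feed
                raise ValueError(f"{o['id']} references an object not in the bundle")
            edges[src].append((o["relationship_type"], dst))
            edges[dst].append((o["relationship_type"], src))
    return nodes, edges
def related(nodes, edges, start_id, max_hops=2):
    """Breadth-first pivot from start_id: (hops, relationship_type, object type) per reachable object."""
    seen, frontier, found = {start_id}, [(start_id, 0)], []
    while frontier:
        cur, depth = frontier.pop(0)
        for rel, other in (edges[cur] if depth < max_hops else []):
            if other not in seen:
                seen.add(other)
                found.append((depth + 1, rel, nodes[other]["type"]))
                frontier.append((other, depth + 1))
    return found
```

Walking the graph both ways is what lets a consumer start from any object a TAXII feed delivered, an indicator seen on the wire, say, and reach the actor behind it.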
Cybercrime is incredibly profitable, which feeds a vicious cycle where the profits enable building more sophisticated attacks. But like any product, sophisticated malware has to be profitable.
Today, a single attack vector can be used dozens or hundreds of times, making it extremely profitable. But if a new attack vector could be neutralized after one or two attacks, profitability would nosedive, making it harder to justify the effort needed for more sophisticated attacks.
Of course, a different calculus applies to state actors. Once implemented, a vigilant community will force them to use their cyber weapons with greater care, hopefully minimizing collateral damage.
The Storage Bits take
As initiatives such as STIX and TAXII kick in over the next decade, we can start to take back the internet from the bad guys. If your company has a security vendor that you talk to, ask them about STIX and TAXII, and how they are planning to use it. Every vendor needs the support of customers to justify timely action!
Courteous comments welcome, of course. Learn more at these links: STIX 2.0 core spec. OASIS Cyber Threat Intelligence (CTI) Technical Committee GitHub. OASIS open standards website.