Are you a CIO, CSO, CISO, VP of IT, Dir of IT, or SR VP of IT?
What does it cost you to manually examine threat intelligence information? Are you doing it at all?
If you are an IT decision maker you will want to listen to what Aharon Chernin, CTO of Soltra, and I discuss related to Aharon’s expertise with STIX and TAXII. The STIX/TAXII standard is the future of IT Security as it relates to scaling access to actionable and relevant threat information that we can do something about versus being overwhelmed about yet more false positives. We discuss how sharing and teaching machines how to speak to each other about threat information is the vision of the future.
What if you could receive information from the FBI, DHS, and Cert and this could be ingested into your security machines, devices, software, etc and you didn’t need an analyst to make sense of the data? This is the vision of IT Security that I want you to consider. Only 1% of organizations have security analysts on staff. Why? Because humans are expensive and good ones are hard to scale to the level of threats all business from the small to the mega-large are experiencing. Aharon is hard at work on this right now.
Key Learning Topics
This episode is about revolutionizing the IT Security Industry which will partially be facilitated by building trust and sharing between parties that would normally be competing and not want to share.
Aharon Chernin is not only someone working on standards but he is actually building the network and the plumbing necessary to facilitate this.
As an IT decision maker in any key vertical, I recommend that you not only read the blog, but also review the images I have posted from Aharon’s presentations. You will see not only how easy STIX and TAXII are to understand, but it will also keep you abreast of key future security developments that will be the foundation of future IT Security information sharing, negotiating and selecting vendors and developing a vision for IT security in your business. Please enjoy my summary below of my conversation with Aharon Chernin. All links, pictures, and notes of the recorded program are below.
Key Learning Points
- What is TAXII? A protocol like TCP/IP
- 99% of organizations have no cyber security threat analysts.
- Aharon’s presentation at the 2015 RSA Presentation on STIX and TAXII
- The maturity of information sharing vs consuming security information will evolve
- What is the history of Soltra?
- There are many ISACs for each vertical. All are focused on information sharing and building trust.
- Cyber Security Analysts are very difficult to scale. STIX will help!
- How to get out of vendor ‘lock in’
- How to get out of manual workflows and into automation for security threat intelligence
- What if attackers have access to threat feeds…is this good or bad?
- What is the difference between consuming intelligence info and consuming information technology?
Intelligence Producers Mentioned:
Some examples of vendors that produce threat intelligence in STIX/TAXII format: iSight Partners, FOX-IT, and open source intelligence providers like HailATAXII.com. HailATAXII.com is a repository of Open Source Cyber Threat Intelligence feeds in STIX format and it pulls open source intel feeds via Soltra Edge. There are currently thousands of new unique TAXII clients per month and is growing.
Key Questions to Ask Vendors:
- Beware of vendors adopting STIX only in marketing brochures
- Before a purchase, have the vendor show you STIX live on the demo
- Pay attention to the user experience – Dumping STIX out to a UNIX command script is not good!
Additional Learning about STIXX/TAXII
Oasis Standards for STIX are being released internationally as detailed on the Oasis website:
“Three foundational cyber security specifications, STIX, TAXII, and CybOX, are now being advanced through the international open standards process at OASIS.”
Biography – Aharon Chernin, Chief Technical Officer, Soltra
Aharon is the Chair of the FS-ISAC Security Automation Working Group (SAWG); Aharon has led the industry effort in building a threat intelligence repository for the financial community. His ultimate vision is to build a network platform based on security standards available to critical infrastructure communities world-wide. He currently works as the CTO of an information security joint venture known as “Soltra” in Tampa, where he focuses his time developing products that make machines speak to each other about threat information. Aharon maintains close working ties to DHS, US-CERT, and the Mitre Corporation in the development of STIX & TAXII, the security intelligence standards the SAWG efforts are built on.
Aharon can be reached via LinkedIn and Twitter
Click to read a recent STIX/TAXII presentation by Aharon at the RSA Conference
Learn more about Soltra Edge here.
Soltra’s mission is to deliver threat intelligence protection for everyone. Our software automation and services will collect, distill, and speed the transfer of threat intelligence from a myriad of sources to help safeguard against cyber attacks for critical infrastructure entities We are STIX and TAXII experts.
All methods of how to access the show are below:
- Listen on iTunes (for iPhones etc.)
- Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app here)
- Stream it on Libsyn
- Listen to it on Soundcloud (This is for listening via PC/Mac Browser)
- Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes
- Subscribe to my RSS Feed here
- Link to LinkedIn blog post
Bill is dedicated to your success as an IT Business Leader. Sign up/Subscribe for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly: Follow Bill on LinkedIn and Twitter.
Leave a podcast review here