The Force of STIX & TAXII
Use the force, Luke.
If your cybersecurity team were given a common threat intelligence language and transport method that surrounded, penetrated, and bound you in an impressive-galactic-sort-of-way to other fighters of cybercrime, would you take it?
The free, open-source tools STIX and TAXII are doing just that.
With the Structured Threat Information eXpression (STIX™) and Trusted Automated eXchange of Indicator Information (TAXII™), it seems like cybersecurity professionals working in financial services companies and organizations are more prone than others to achieving their destiny of becoming guardians of peace and justice in the cyber-universe. Why is that?
Common Goals Need a Common Language
The fact of the matter is that global cyber threats are increasing exponentially, and organizations are finding themselves pitted against better funded (and potentially better organized) hacking entities. While a multitude of cybersecurity tools and solutions exist, many companies find it challenging to coalesce the threat data generated by these tools into meaningful intelligence, thanks to the myriad of platforms and products each speaking different ‘languages’.
Developed by The MITRE Corporation and the Department of Homeland Security, STIX and TAXII are free, open-source standards that enable cyber threat data to be easily shared between platforms, individuals, products, and organizations. Because STIX and TAXII enable the standardization of security formats and languages, real-time threat data can be distributed, aggregated, analyzed, and used more efficiently and more effectively. Private and public organizations, including ThreatConnect, have enthusiastically endorsed and adopted the STIX/TAXII protocols.
Being Under Attack More Often Forces Financial Institutions to Develop their Skills
Luke and Leia both had the Force, but only Luke developed those skills. Why? Well, frankly, because he had the last name that put a big target on his back. He had to learn to fight fast. Similarly, financial services organizations are an obvious target for cybercriminals, and thus face the greatest and most dangerous cyber threats. In fact, the financial services industry is the most targeted private sector vertical, experiencing an estimated 300% increase in 2015 in the number of detected threats.
STIX/TAXII-supported platforms enable CISOs and security professionals to quickly digest, assess, analyze, and respond to numerous threat intelligence feeds, without worrying about different intelligence languages or transport methods.
But, Why Does the Force (STIX/TAXII) Seem Stronger in Financial Institutions?
In Star Wars, some, like Yoda, seem to be stronger with the Force than others, thanks to genetics, we suppose. And it seems to many that for financial institutions, and for that matter many organizations in EMEA, STIX/TAXII is really important. I think we can blame it on their nature too. Financial institutions and organizations across EMEA have a level of comfort with standards that one would equate to being in their DNA were they people. That is good for the rest of us. They are spearheading the evolution of these standards and making real progress.
Many organizations across industries participate in the OASIS nonprofit consortium to continue to improve on these standards. The OASIS Cyber Threat Intelligence Technical Committee has developed STIX 2.0, the next generation of STIX standards for the industry. While some industries and regions may have been faster than others to adopt them, these standards should be important to us all for all the same reasons – speed of sharing and analyzing data. ThreatConnect supports and participates in OASIS’ efforts.
Embrace a STIX/TAXII-supported Threat Intelligence Platform
It is extremely critical that CISOs and security professionals adopt a threat intelligence language and transport method that everyone can understand. STIX and TAXII are free, open-source tools that can immediately make the analysis of and subsequent response to threats occur much more quickly than before.
The Force is Strong with This One
We believe that the key to stopping cybercriminal activity is making threat intelligence more accessible, understandable, flexible, and automated for everyone. The ThreatConnect Platform supports STIX, and uses an integrated TAXII client. The combination of open standards like STIX/TAXII with sharing communities and a proven methodology like the Diamond Model in ThreatConnect may make our users the most powerful Jedi in the Universe. Not like Luke though. He’s retired, living on a hill. We’re thinking more like Rey. Did you see what she could do all on her own? The Force is Strong with this One.