Centralizing threat intelligence to feed network defense systems
ThreatConnect announced the launch of a prototype that connects commercial security products with advanced threat intelligence through an open source standard known as the Structured Threat Information eXpression (STIX), created by The Mitre Corporation.
The prototype allows security analysts to construct the details of their incident, specify relevant indicators and attributes within ThreatConnect, and transmit that information in the STIX format through an API to network defense systems.
This effort was a key outcome of the TM Forum Cyber Threat Intelligence (CTI) Sharing Catalyst, which included leading telecommunications organizations and security vendors at the forefront of advanced threat protection. Participants from the catalyst group include ThreatConnect (a division of Cyber Squared Inc.), Symantec, RSA, cVidya Networks, and Edge Technologies.
“The prototype demonstrates the power that commercial products can provide against advanced attacks when linked together and enriched by community collaboration. We are working in a more collaborative fashion, similar to our adversaries, by recognizing that we all benefit when we combine our strengths and knowledge into actionable intelligence,” commented Adam Vincent, CEO of Cyber Squared Inc.
The prototype will be demonstrated at the TM Forum Digital Disruption Conference (October 28-3, San Jose McEnery Convention Center in San Jose, California) to show how leveraging community-sourced threat intelligence can accelerate defenses and mitigate a distributed denial-of-service (DDoS) attack, limiting or preventing the damage done.
Another key outcome of the CTI Sharing Catalyst is a Return on Investment Calculator that builds a strong business case for threat intelligence platforms and threat sharing. First, the ROI Calculator estimates the internal efficiencies and savings gained from using a threat intelligence platform as part of common security processes. The calculator allows organizations to input information about their own internal security workflow and processes. Users can see the benefits of applying cyber threat intelligence to each task in their workflow and determine operational savings unique to their organization.
Secondly, the calculator includes a section for estimating the cost of a potential intrusion. Assumptions for this part of the calculator are based on data provided by RSA from their 2011 intrusion and the 2010 Annual Cost of Data Breach study from Symantec. Based on the published data, organizations can understand the potential cost of an intrusion in terms of a percentage of revenue and/or the number of records compromised.