THREAT INTELLIGENCE: STIX 2.0

Posted by on April 1, 2016

Binary code on a surface of a planet

Blue glowing curves, new technology, computer generated abstract background

Gartner defines threat intelligence as:

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.

In the cyber world the evidence that we see are the artifacts that show up on end-points (computers, email servers, smartphones, industrial control system devices, etc.) and on our networks (routers, firewalls and DNS servers, etc.).

The art and craft of converting these artifacts into actionable intelligence is the driver behind the emerging ecosystem of threat intel. Nothing is more important in defining and driving this ecosystem change than the newly published STIX 2.0 OASIS Committee Specification Draft.

View Fullscreen

 

You must be logged in to post a comment Login