The use of cyber threat intelligence can be a powerful factor in detecting and deterring cyber-attacks. Currently, however, most cyber intelligence sharing is via unstructured reports and emails that require human interpretation and manual processes to utilize. To make threat intelligence easier to use and to automate, the U.S. Department of Homeland Security has sponsored the creation of STIX and TAXII. STIX is an open, community-driven language to represent cyber threat information in a structured manner. TAXII is an open, community-driven set of protocols and services to securely exchange cyber threat information. The specifications for both STIX and TAXII are freely available and are seeing growing adoption within information sharing communities. This talk serves as an introduction to STIX and TAXII, their goals, capabilities, and future plans.
- Overview of using cyber threat intelligence in network defense.
- Introduction to the STIX language structure.
- Introduction to the TAXII protocol capabilities.
About Charles Schmidt
Charles Schmidt is a Principal Information Security Engineer at the MITRE Corporation. He has supported security standards development efforts for more than 12 years, covering a wide range of technologies. He is currently working on the MITRE team developing and maintaining standards for secure sharing of cyber threat intelligence and is the lead author of the TAXII threat sharing protocol. Charles holds a Bachelor's degree in both Mathematics and Computer Science from Carleton College and a Master's degree in Computer Science from the University of Utah.