Subject: Re: [cti-stix] STIX 2.0 Architecture - Relationships, Sightings, and Targeting
On 28.10.2015 13:39:16, Patrick Maroney wrote:
> In our World View and a majority of Use Cases, one needs to fully
> model all aspects of the Cyber-BattleSpace:
>
> Adversaries
> Adversary TTP*s (Black Hat)
>
> Intermediaries
> Intermediary TTPs (Grey Hat)
>
> Targets
> Target TTPs (White Hat)
>
> * TTPs include assets and infrastructure in this model.
>
> Since we don't currently represent Targets and Intermediaries in the
> current CTI Model, then the proposed modeling of related "White/Grey
> Hat" TTP relations won't be as obvious
>

Hi, Pat -

Perhaps I'm just congenitally slow between the ears, but could you please explain to me in plain language exactly what problem(s) you're trying to solve with all the above?

Using CTI to track blackhats, that I get. Using CTI to track pentesters (whitehats) you're presumably paying large sums of money to test your infrastructure seems to go against the entire purpose of hiring professional pentesters. As for what's a greyhat, well, that's basically identical to the attribution problem.

Again, maybe I'm just being dense, but let's just focus on squelching the blackhats for now. That's the critical issue and we've a very long way yet to go.

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"It is always possible to add another level of indirection." --RFC 1925