Subject: Re: [cti-taxii] Questioning the wisdom of using DNS SRV records for TAXII 2.0 Discovery
On 31.10.2015 05:46:42, Patrick Maroney wrote:
>
> Actually it's just the opposite, the more advanced groups are much
> more likely to share high value actionable intelligence (at least
> tactical) once we have solid data marking/handling constructs. We
> know the value of early detection/prevention and criticality of
> broadly sharing ephemeral IOCs ASAP.
>

Hi, Pat -

I definitely agree with you on the importance of supporting more sophisticated data marking/handling constructs and unlike the point I was trying to make regarding TAXII in air-gapped networks, I think this *is* probably an area where OASIS can have an impact.

Without going too much into detail, when I worked at $large_international_org, there were many different national elements represented. Not only did each national element have its own data-marking scheme, but different branches *within* each national element frequently had their own variation on the data-marking scheme. Trying to keep all these data-marking schemes in alignment across $large_international_org was a complete nightmare.

This *is* an important problem but in order for OASIS to address it in the CTI standards, we'd need some hard requirements from the "more advanced groups" you referred to so as to model the problem at the proper degree of abstraction. Do you think these folks would be willing to share their data-marking requirements with OASIS, either via liaisons or perhaps some of the co-chairs?

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"It is more complicated than you think." --RFC 1925