Subject: Re: [cti] CTI TC Adoption and Interoperability SCs
Maybe the context that would be helpful to add is what does the thing implementing TAXII\STIX\CybOX actually do? Does it consume specific data, does it publish specific data, or does it aggregate/link all data?
The STIX profile attempted to address this by kind of saying, “Hey, this is what I actually support”. If I am a CTI producer focusing on one thing like, say, DDoS attacks, that narrow subset of STIX and CybOX objects defined in the profile may well be the maximum content I would ever produce anyway, so having a maturity of "X" is the max that I could ever be, and similarly if I was a defensive tool that re-directed access to evil web sites, support for CybOX objects with Windows Registry keys is fairly irrelevant. On the other hand, if I am a sharing hub/aggregation portal or a SIEM, those same levels of support in the STIX profile are way below what a customer of that platform would expect.
Those should not get treated in the same way on a maturity curve.
The downside of a "maturity scale" is that it can be viewed as penalizing specialty services/tools that don't need every widget to have maximum effectiveness for what they do, whereas you kind of want to point out that another platform is less mature as it left a lot of capability on the table with their implementation and therefore has sub-optimal effectiveness given what it could be doing, to feel that pressure.
So what the heck should we do?
We need to put life into the STIX profiles. We need to figure out a way to differentiate STIX profiles where the maximum needed to do the purpose has been achieved and where things are left on the table.
For the buyer of a solution this is the critical difference, and if we can’t express that difference somehow, that in my experience tends to lay blame (in the mind of the buyer) with the standards, not the implementation by their suppliers.
-Mark
Mark Clancy
Chief Executive Officer
SOLTRA | An FS-ISAC and DTCC Company
+1.813.470.2400 office | +1.610.659.6671 US mobile | +44 7823 626 535 UK mobile
mclancy@soltra.com | soltra.com
One organization's incident becomes everyone's defense.
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@threatloop.com>
Sent: Wednesday, July 8, 2015 8:26 PM
To: Eric Burger
Cc: cti@lists.oasis-open.org
Subject: Re: [cti] CTI TC Adoption and Interoperability SCs

Yes, well stated Pat. I especially like the notion of describing what you need and nothing more.
Cheers
Terry MacDonald | STIX, TAXII, CybOX Consultant
Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.
On 9 July 2015 at 03:45, Eric Burger <Eric.Burger@georgetown.edu> wrote: