Two weeks ago we pushed our first STIX package to the Red Sky portal. While not perfect, we received some good implementation feedback during our threat day this week. Next step? TAXII. I'm a huge fan of sharing information machine-to-machine, so this is very exciting!
Why'd we do it? Let me tell you a story. I promise, it'll come back to STIX!
About a year ago, we happened upon the entire active directory structure for a very large European company. Like a drunk who drives the back roads throwing their cans out the window into the woods as they drive, some sloppy cyber litterbug dropped a bunch of stuff on a couple of open nodes, which we then picked up as we walked along the road looking for clues.
So why do I tell this story? A year later? We're moving into the era of full automation. While I'm not necessarily a fan of full automation, I am a fan of stripping any and all barriers to a company's use of protective information. STIX puts the data into a standard format. TAXII moves it from company to company. The next step is moving data from that company repository directly to defensive tools. In every case where we've done victim notification, if we had this automation in place I could have simply shared data with the compromised company. They'd receive our indicator bundle, push the 'easy button', drop it into their defenses, and move along. Of course it's not that easy, but you get the idea.
What's happening in Red Sky this week?
- First, as mentioned, we're now STIX! Members (and Wapack Labs subscription customers) can now get their indicators in .csv or STIX format.
- We issued warnings this week to about a dozen companies. They're targeted, and we believe they'll be hit in about two weeks. The warning also included an analysis of the tools that will be used, and how to protect against them.
- We had our quarterly threat day in Tampa this week. We had cocktails and food at the Pebble Creek Country Club, with a day of meetings at a member location on Tuesday. What a great two days!
- Last, we continue tracking cyber activities between Russia and Ukraine. You just can't make this stuff up. The Christian Science Monitor ran a story on this as well. Since our original post, we've authored several more blog posts inside of Red Sky, and issued three priority analysis reports aimed at offering good situational awareness and defenses to our members who have business interests in the area.