Information Security News mailing list archives

New Lingua Franca For Exchanging Cyberattack Intelligence


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 16 Nov 2011 03:19:57 -0600 (CST)

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/231903102/new-lingua-franca-for-exchanging-cyberattack-intelligence.html

By Kelly Jackson Higgins
Dark Reading
Nov 15, 2011

It's not easy for organizations to share firsthand attack intelligence in a confidential or even meaningful way, so many don't bother, which gives the bad guys another leg up. But tools to facilitate the sharing of attack information are gradually emerging: most recently, a new open-source framework for describing the technical earmarks of a specific threat.

The so-called Open Indicators of Compromise (OpenIOC) released last week by Mandiant is one layer of facilitating the anonymous sharing of attack intelligence among victim organizations. Mandiant originally built the technology in-house for its homegrown tools and its forensics engagements and is now offering it in the public domain.

There's no single, standardized way for how people share attack intelligence, says Dave Merkel, CTO at Mandiant. "The technologies used to deploy are varied and not consistent in a way to take intelligence and boil it down to something … actionable. It's fragmented," he says.

Mandiant originally created IOC for its internal use. "We needed a way to bridge technology and intelligence. That's important because we have services and products," Merkel says. And Mandiant's clients started asking if they could use IOC as well.

[...]
