http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/231903102/new-lingua-franca-for-exchanging-cyberattack-intelligence.html By Kelly Jackson Higgins Dark Reading Nov 15, 2011 It's not easy for organizations to share firsthand attack intelligence in a confidential or even meaningful way, so many don't bother, which gives the bad guys another leg up. But tools to facilitate the sharing of attack information are gradually emerging: most recently, a new open-source framework for describing the technical earmarks of a specific threat. The so-called Open Indicators of Compromise (OpenOIC) released last week by Mandiant is one layer of facilitating the anonymous sharing of attack intelligence among victim organizations. Mandiant originally built the technology in-house for its homegrown tools and its forensics engagements and is now offering it in the public domain. There's no single, standardized way for how people share attack intelligence, says Dave Merkel, CTO at Mandiant. "The technologies used to deploy are varied and not consistent in a way to take intelligence and boil it down to something … actionable. It's fragmented," he says. Mandiant originally created OIC for its internal use. "We needed a way to bridge technology and intelligence. That's important because we have services and products," Merkel says. And Mandiant's clients started asking if they could use OIC as well. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Wed Nov 16 2011 - 01:19:57 PST
This archive was generated by hypermail 2.2.0 : Wed Nov 16 2011 - 01:22:25 PST