Threat Intelligence Blog

Posted November 18, 2016

Recent events in our industry, such as the Soltra shutdown and an article featuring the key security challenges for the industry as seen by Comcast’s incoming cyber head, Noopur Davis, have brought to the forefront of my mind many issues our industry faces. Most importantly, these happenings are a reminder for all technologists that the most important lesson for innovation is to solve a problem that is worth solving.

Most engineers, including myself, have spent our careers learning new technology, learning to adapt technology, and solving problems with technology. Yet, we must be mindful that technology without an end state or end goal is just technology that might remain in a lab or on an engineer’s computer.

One of the most exciting parts of my role at LookingGlass is not only creating new technology and adapting technology, but using that technology and leveraging Threat Intelligence to solve our customers’ challenges, like the ones described in Noopur Davis’ article. This is especially important when it comes to threat intelligence and its use to protect organizations.

The new technology standard, STIX/TAXII, has the promise to enable technologies that will play an important part in the ‘defense in depth’ approach that many organizations will look to use.[1] At LookingGlass, we are actively contributing to the STIX 2.0 standard, yet our primary focus is customer challenges and how we can leverage STIX/TAXII as an element of a larger security ecosystem that must exist.

An end-to-end Threat Intelligence Program that includes identification, collection, aggregation, correlation, analysis, action determination, action distribution, and finally, threat mitigation requires a comprehensive set of integrated technology and not just a component such as STIX/TAXII.

STIX/TAXII solves a small part of a defense-in-depth solution by helping systems to exchange Threat Intelligence data in an interoperable format. However, without all the other key elements that create, correlate, refine and action Threat Intelligence, organizations are left holding a screwdriver when they need the entire toolset.

LookingGlass understands this and we continue to focus on building as many of the components of a defense-in-depth Threat Intelligence system as our customers require.

I was saddened to hear about Soltra winding down their business as they were an important proponent and champion for earlier versions of STIX/TAXII with their technology.[2] It is an important lesson to us all that delivering technology without solving the marketplace’s security challenges will result in further business loss.

If you would like to learn more about LookingGlass and our defense-in-depth approach, please contact me at @tweet_a_t.




[1] https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti
[2] http://soltra.com/en/articles/soltra-wind-down/
