BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
In the webcast transcript below, Nemertes Research CEO Johna Till Johnson addressed threat intelligence tools -- what they do, why organizations need them, who makes them and where they are headed. Jot down some vendor names and read how threat intelligence tools could help improve enterprise security.
Threat, compliance and risk networks provide a range of data services. Right now, they're mostly based on particular vendors' boxes and appliances. So, the architecture is essentially: If you've got our appliance in your network, we are gathering information from that appliance and using that information, suitably anonymized, to inform you of a threat. That's really what's going on.
And again, the difference between a vulnerability, a threat and an attack: A vulnerability is you've got a weakness that could be exploited, but as far as we know, nobody is planning to exploit it. A threat is, 'Ah, we do know that someone is planning to exploit that vulnerability in companies like yours, and possibly yours.' And an attack is, 'They're doing it right now. The burglar is entering the house.' So, that's the difference.
There are two really interesting things that are happening here with the threat, compliance and risk networks. The first one is there's a series of specs that have been developed over the past couple of years that ... in June [2015 were] handed over to OASIS, which just launched the CTI Committee, which I think is Cyber Threat Intelligence, and these standards are TAXII, STIX and CybOX. What they do is allow organizations to safely share suitably anonymized information about threats so that you can benefit from what's going on with your neighbors.
The reason this can be valuable is if you know that companies in your vertical industry are being targeted with an attack of a certain type, you can actually protect against that. We start moving from just responsive to actually being proactive and anticipatory, so that you can protect against something before it happens, not while it's happening.
The second thing that's really interesting here is you're starting to see the emergence of actual clearinghouses for these. The first one is a company called Soltra, which is I believe a subsidiary of DTCC. When I say I believe it's a subsidiary, I know DTCC is one of the founding partners of it. It is actually a financial services-focused entity that uses the standards TAXII, STIX and CybOX to instantiate a threat-sharing network for financial services firms using the same model that DTCC uses for financial services firms.
So, if you're in the financial services industry and you haven't heard of this before, go look it up. Very interesting stuff. Because the financial services industry has, of course, pioneered clearinghouses, as you know very well, so it might be interesting to see where they're headed. Other vertical industries could conceivably do something like that.