[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] New Lingua Franca For Exchanging Cyberattack Intelligence
By Kelly Jackson Higgins
Nov 15, 2011
It's not easy for organizations to share firsthand attack intelligence
in a confidential or even meaningful way, so many don't bother, which
gives the bad guys another leg up. But tools to facilitate the sharing
of attack information are gradually emerging: most recently, a new
open-source framework for describing the technical earmarks of a
The so-called Open Indicators of Compromise (OpenOIC) released last week
by Mandiant is one layer of facilitating the anonymous sharing of attack
intelligence among victim organizations. Mandiant originally built the
technology in-house for its homegrown tools and its forensics
engagements and is now offering it in the public domain.
There's no single, standardized way for how people share attack
intelligence, says Dave Merkel, CTO at Mandiant. "The technologies used
to deploy are varied and not consistent in a way to take intelligence
and boil it down to something â actionable. It's fragmented," he says.
Mandiant originally created OIC for its internal use. "We needed a way
to bridge technology and intelligence. That's important because we have
services and products," Merkel says. And Mandiant's clients started
asking if they could use OIC as well.
Subscribe to InfoSec News - www.infosecnews.org