Drop the terms “STIX” and “TAXII” into general conversation at the dinner table, and it’s likely the kids will think you’re talking about a nature project, while the adults will be ordering you an Uber home to sleep it off. But in a different environment, say, across a boardroom table of IT executives or cybersecurity specialists, those two acronyms will set you up for an afternoon of discussion, debate, and education.
Every niche market benefits from its own language—so, why should cybersecurity be any different? Simply put, Scientific and Technical Information Exchange (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) are free open-source tools that initiate a shared threat intelligence language, streamlining the way we inform and communicate everything about cybersecurity. Together, they are defined on the web as “STIX, a collaborative effort to develop a standardized, structured language to represent cyber threat information,” and “TAXII, a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organizational, product line, and service boundaries.” TAXII functions with Soltra Edge software, a platform that works in harmony with the STIX and TAXII standards.
Adopting the Language
Cyber threats and consequential attacks are increasing exponentially—and supporting the management of this influx is a multiplicity of offerings often branded as “cybersecurity solutions and tools.” Whether you are a global enterprise or an SME start-up, countless platforms and commodities are available to you as solutions, but too often they speak different languages, making it difficult to translate the threat data produced by these tools into intelligence of both significance and relevance.
STIX and TAXII standards were developed by the MITRE Corporation along with the Department of Homeland Security (DHS) and are continually improved via the OASIS nonprofit consortium. STIX and TAXII protocols have been positively embraced by both private and public organizations globally. These free, open-transport mechanisms allow the sharing of cyber threat data, not just between platforms but between people, products, and corporations. They optimize the distribution and analysis of real-time data through the standardization of languages and security formatting, and it’s fair to say that they are broadly recognized to be operating at maximum sophistication when they are used together. In other words, they work best on the buddy system.
Benefits of Standardization
Cyber criminals tend to focus on attacking organizations that operate within the financial services space, and as such, this sector has received some of the most aggressive, fast, and severe cyber attacks to date. Chief Information Security Officers (CISOs) and safeguarding professionals use STIX and TAXII to absorb, evaluate, and analyze data on threat intelligence, which allows for quick responses and a consistent approach to intelligence languages and their formats. Adopting a community-wide threat intelligence language and a method of transportation that everyone grasps has been an essential step in speeding up response times to threats.
Why Care
The birth of the General Data Protection Regulation (GDPR) in May of this year placed abundant emphasis on how well we protect the data of our consumers. STIX and TAXII present platform-built pathways that homogenize the way that we communicate and how we transport our communications, all within a structured framework—a movement that promotes efficiency and the effective protection of the customers of any product or service that we might sell.
Think about threats and attacks—then think about the consequences, time, resource, and money. Expert data analysts have little time for trawling through Cyber Threat Intelligence (CTI) data. STIX and TAXII abolish this need by facilitating CTI sharing that enables watchers to act with accuracy—that’s more time to spend thwarting threats rather than searching for them.
The cross-sharing of Cyber Threat Intelligence brings additional awareness to cyber attacks far and wide and increases accessibility to threat intelligence. The distribution of information is critical for defending against attacks on U.S.-based infrastructure. So, the more thoughtful the analysis of these threats and attacks, the more we understand them—and the more it becomes automated, the harder it will be for an attacker to complete the steps toward hacking victory. Unless, of course, it is stopped by The Cyber Kill Chain, but that’s another story. In a nutshell, STIX and TAXII should be viewed as instrumental tools that increase resources and keep you and your organization safe. Now try saying all that at the dinner table!