MAEC & Making Security Measurable at RSA


MAEC & Making Security Measurable at RSA

Kirillov, Ivan A.
I just wanted to let everyone know that MITRE will be hosting a Making Security Measurable Booth at the RSA Conference from February 27 to March 2 at the Moscone Center in San Francisco, California.

If you plan to attend, myself and some of the other team members will be at Booth 2617.  Please stop by and say hello!

Regards,
Ivan

Ivan Kirillov
MAEC Working Group
The MITRE Corporation

Re: MAEC & Making Security Measurable at RSA

fmohsen
Hello everyone,

Let me first compliment the work that has been done here, very impressive. I have been following your work on MAEC for the last 4 months, still looking for a research spot to put some effort into. As I was reading, I came across some other related topics (IODEF, CybOX); would you please clarify to me the differences or/and similarities?


Thank you so much,
Fadi

On Wed, Feb 22, 2012 at 2:51 PM, Kirillov, Ivan A. <[hidden email]> wrote:
I just wanted to let everyone know that MITRE will be hosting a Making Security Measurable Booth at the RSA Conference from February 27 to March 2 at the Moscone Center in San Francisco, California.

If you plan to attend, myself and some of the other team members will be at Booth 2617.  Please stop by and say hello!

Regards,
Ivan

Ivan Kirillov
MAEC Working Group
The MITRE Corporation



--
Fadi.Mohsen

RE: MAEC & Making Security Measurable at RSA

Kirillov, Ivan A.

Hi Fadi,

Thank you for the compliments.

As far as the differences/similarities between MAEC/CybOX/IODEF, hopefully this explanation will help:

CybOX is MITRE’s standard for expressing observables in the cyber domain, a large chunk of which involves observed actions and the stateful measure of objects. Since these components are also important for characterizing malware, MAEC 2.0+ imports CybOX and extends its action and object types.

IODEF, on the other hand, is an IETF standard for exchanging information observed in security incidents. Malware and cyber observables can certainly be useful in this context, so IODEF can be used to encapsulate MAEC or CybOX data, but the standard in and of itself does not delve into these areas beyond some minor intersections (IP addresses, email addresses, etc.).

Regards,
Ivan

From: Fadi Mohsen [mailto:[hidden email]]
Sent: Monday, March 05, 2012 6:31 PM
To: Kirillov, Ivan A.
Cc: maec-discussion-list Malware Attribute Enumeration Discussion
Subject: Re: MAEC & Making Security Measurable at RSA

Hello everyone,

Let me first compliment the work that has been done here, very impressive. I have been following your work on MAEC for the last 4 months, still looking for a research spot to put some effort into. As I was reading, I came across some other related topics (IODEF, CybOX); would you please clarify to me the differences or/and similarities?


Thank you so much,
Fadi


Re: MAEC & Making Security Measurable at RSA

fmohsen
Hi Ivan,

Thank you so much for your helpful response.

Best,
Fadi

On Thu, Mar 8, 2012 at 4:03 PM, Kirillov, Ivan A. <[hidden email]> wrote:

Hi Fadi,

Thank you for the compliments.

As far as the differences/similarities between MAEC/CybOX/IODEF, hopefully this explanation will help:

CybOX is MITRE’s standard for expressing observables in the cyber domain, a large chunk of which involves observed actions and the stateful measure of objects. Since these components are also important for characterizing malware, MAEC 2.0+ imports CybOX and extends its action and object types.

IODEF, on the other hand, is an IETF standard for exchanging information observed in security incidents. Malware and cyber observables can certainly be useful in this context, so IODEF can be used to encapsulate MAEC or CybOX data, but the standard in and of itself does not delve into these areas beyond some minor intersections (IP addresses, email addresses, etc.).

Regards,
Ivan

 

--
Fadi.Mohsen

Re: MAEC & Making Security Measurable at RSA

fmohsen

Hello All,

MAEC/CybOX/IODEF seem to be new standards that help defend against Malware/Threats/etc. The trend is to let everybody speak the same language or be on the same page. Sometimes the difference in expressiveness makes collaboration a difficult task. So, those standards are of great importance to government/private sector/research.

As I am interested in the research side, I would really appreciate it if you guys have any ideas or gaps that need to be filled and investigated.

Thanks,
Fadi

 
On Thu, Mar 8, 2012 at 5:48 PM, Fadi Mohsen <[hidden email]> wrote:
Hi Ivan,

Thank you so much for your helpful response.

Best,
Fadi




--
Fadi.Mohsen