Vendor integrations with STIX?


Vendor integrations with STIX?

Rick Holland
All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

RE: Vendor integrations with STIX?

Kenneth.Melton
Rick,
I am also researching commercial and open source tools that generate STIX documents. I would love to get more information from you and the rest of the group on what is available for organizations to start adopting STIX in their workflows.

V/r,

Ken Melton
IT Specialist (INFOSEC)
Department of Homeland Security (DHS)
United States Computer Emergency Readiness Team (US-CERT)
O:  703-235-5869
M:  202-308-7230
F:   703-235-5963
[hidden email]
[hidden email]

"Data isn't information, any more than fifty tons of cement is a skyscraper." - Clifford Stoll



-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Holland, Rick
Sent: Wednesday, June 04, 2014 9:49 AM
To: [hidden email]
Subject: Vendor integrations with STIX?

All,

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:

* HP
* Microsoft
* Bromium
* Checkpoint
* Malcovery
* Vorstack
* ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland  <https://twitter.com/rickhholland>
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Check out my latest blog posts. <http://blogs.forrester.com/rick_holland>


Current research:

* Targeted-Attack Hierarchy Of Needs, Part 1 Of 2 <http://www.forrester.com/Introducing+Forresters+TargetedAttack+Hierarchy+Of+Needs+Part+1+Of+2/quickscan/-/E-RES107121?intcmp=blog:forrlink>
* Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks <http://www.forrester.com/Brief+SR+Pros+Remain+Unprepared+To+Address+Virtualization+And+Cloud+Security+Risks/quickscan/-/E-RES107141>
* Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection <http://www.forrester.com/Quick+Take+Cisco+Acquires+ThreatGrid+Bolstering+Advanced+Malware+Protection/fulltext/-/E-RES116861>




Re: Vendor integrations with STIX?

Michael Davis
In reply to this post by Rick Holland
You can add CounterTack to that list.

Thanks,
Mike

Michael A. Davis
Chief Technology Officer, CounterTack
 


CounterTack Named A 2014 Application and Endpoint Security Cool Vendor by Gartner:



On Wed, Jun 4, 2014 at 8:48 AM, Holland, Rick <[hidden email]> wrote:
All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:



RE: Vendor integrations with STIX?

Michael Kiefer
Mike,

I would add BrandProtect to the list July 1, 2014.
Trials in process.

All the Best!

Michael


Michael Kiefer | General Manager | BrandProtect |
Tel: 224.766.3000 | skype: michael888811 | [hidden email]
________________________________________
From: [hidden email] [[hidden email]] on behalf of Michael Davis [[hidden email]]
Sent: Wednesday, June 4, 2014 9:36 AM
To: Holland, Rick
Cc: [hidden email]
Subject: Re: Vendor integrations with STIX?

You can add CounterTack to that list.

Thanks,
Mike

Michael A. Davis
Chief Technology Officer, CounterTack
p:708-243-2850 | e:[hidden email] | w:http://www.countertack.com
<http://www.linkedin.com/in/michaeladavis/> <https://twitter.com/mdavisceo>



CounterTack Named A 2014 Application and Endpoint Security Cool Vendor by Gartner:


<http://www.countertack.com/download-the-2014-gartner-application-and-endpoint-security-cool-vendor-report-featuring-countertack>


On Wed, Jun 4, 2014 at 8:48 AM, Holland, Rick <[hidden email]> wrote:
All,

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:

  *   HP
  *   Microsoft
  *   Bromium
  *   Checkpoint
  *   Malcovery
  *   Vorstack
  *   ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland <https://twitter.com/rickhholland>
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244

Check out my latest blog posts.<http://blogs.forrester.com/rick_holland>

Current research:

  *   Targeted-Attack Hierarchy Of Needs, Part 1 Of 2<http://www.forrester.com/Introducing+Forresters+TargetedAttack+Hierarchy+Of+Needs+Part+1+Of+2/quickscan/-/E-RES107121?intcmp=blog:forrlink>
  *   Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks<http://www.forrester.com/Brief+SR+Pros+Remain+Unprepared+To+Address+Virtualization+And+Cloud+Security+Risks/quickscan/-/E-RES107141>
  *   Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection<http://www.forrester.com/Quick+Take+Cisco+Acquires+ThreatGrid+Bolstering+Advanced+Malware+Protection/fulltext/-/E-RES116861>




Re: Vendor integrations with STIX?

Burek, Stanley
In reply to this post by Rick Holland
Has Splunk been added to the list?

Stanley Burek
Manager, Cyber Threat Intelligence
Information Security
+1.804.588.2535 (TL 404)
+1.804.767.1785 (cell)

 




On Jun 4, 2014, at 9:48 AM, Holland, Rick <[hidden email]> wrote:

All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed.  If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.


Re: Vendor integrations with STIX?

Cody Wamsley
Hi everyone,

Please add CyberSponse to the list.


On Wed, Jun 4, 2014 at 8:02 AM, Burek, Stanley <[hidden email]> wrote:
Has Splunk been added to the list?

Stanley Burek
Manager, Cyber Threat Intelligence
Information Security
+1.804.588.2535 (TL 404)
+1.804.767.1785 (cell)

 




On Jun 4, 2014, at 9:48 AM, Holland, Rick <[hidden email]> wrote:

All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:









--
Cody Wamsley 
Director of Legal Affairs   

480.378.3489 | [hidden email]  |  www.cybersponse.com

**************Confidentiality Notice****************

This electronic message contains information from CyberSponse, Inc. which may be confidential and is intended solely for the use of the addressee listed above. If you are neither the intended recipient nor the employee or agent responsible for delivering this electronic message to the intended recipient, you are hereby notified that any disclosure, copying, distribution or the use of the content of this electronic message is strictly prohibited. If you have received this electronic message in error, please immediately notify us by replying to this message and delete the original message.


Re: Vendor integrations with STIX?

Merchant, Aubrey
In reply to this post by Rick Holland
Please add  Blue Coat.  Thanks, Rick.

Best,

Aubrey Merchant-Dest
Director, Security Strategies - OCTO
+1.301.351.4905 C



From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>
Subject: Vendor integrations with STIX?

All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland 
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:
  • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2 <http://www.forrester.com/Introducing+Forresters+TargetedAttack+Hierarchy+Of+Needs+Part+1+Of+2/quickscan/-/E-RES107121?intcmp=blog:forrlink>
  • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks <http://www.forrester.com/Brief+SR+Pros+Remain+Unprepared+To+Address+Virtualization+And+Cloud+Security+Risks/quickscan/-/E-RES107141>
  • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection <http://www.forrester.com/Quick+Take+Cisco+Acquires+ThreatGrid+Bolstering+Advanced+Malware+Protection/fulltext/-/E-RES116861>


Re: Vendor integrations with STIX?

Tim P
Please add threatTRANSFORM to the Open Source list.


On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:
Please add  Blue Coat.  Thanks, Rick.

Best,

Aubrey Merchant-Dest
Director, Security Strategies - OCTO
+1.301.351.4905 C


From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>

Subject: Vendor integrations with STIX?

All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:



RE: Vendor integrations with STIX?

Sarah Brown

Fox-IT should also be included.

 

Thank you,

Sarah Brown

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim P
Sent: Thursday, June 05, 2014 4:32 AM
To: [hidden email]
Cc: Holland, Rick
Subject: Re: Vendor integrations with STIX?

 

Please add threatTRANSFORM to the Open Source list.

 

On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:

Please add  Blue Coat.  Thanks, Rick.

 

Best,

 

Aubrey Merchant-Dest

Director, Security Strategies - OCTO

+1.301.351.4905 C

 

From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>


Subject: Vendor integrations with STIX?

 

All, 

 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 

  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland

Principal Analyst Security & Risk Management

+1.469.221.5359 | [hidden email] | @rickhholland

5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244

 

 

Current research:

 

 


Re: Vendor integrations with STIX?

Jani Kenttälä
Hi! Could there also be a short description (like 1-3 sentences) of how the vendor utilises STIX and in which products?


On 05 Jun 2014, at 11:15, Sarah Brown <[hidden email]> wrote:

> Fox-IT should also be included.
>  
> Thank you,
> Sarah Brown
>  
>  
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim P
> Sent: Thursday, June 05, 2014 4:32 AM
> To: [hidden email]
> Cc: Holland, Rick
> Subject: Re: Vendor integrations with STIX?
>  
> Please add threatTRANSFORM to the Open Source list.
>  
>
> On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:
> Please add  Blue Coat.  Thanks, Rick.
>  
> Best,
>  
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C
> <image001.png>
>
>  
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <[hidden email]>
>
> Subject: Vendor integrations with STIX?
>  
> All,
>  
> I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:
> • HP
> • Microsoft
> • Bromium
> • Checkpoint
> • Malcovery
> • Vorstack
> • ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>  
> Check out my latest blog posts.
>  
> Current research:
> • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
> • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks
> • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>  
>  


--
Jani Kenttälä / +358 45 1224 601 / Head of Solutions
Clarified Networks - a Codenomicon Group company
http://fi.linkedin.com/in/janikenttala             http://twitter.com/#!/janikenttala

Re: Vendor integrations with STIX?

Keith Custers
In reply to this post by Merchant, Aubrey
Funny to see how all vendors are saying they are supporting STIX but not explaining to what extent.


On Thu, Jun 5, 2014 at 2:17 AM, Merchant, Aubrey <[hidden email]> wrote:
Please add  Blue Coat.  Thanks, Rick.

Best,

Aubrey Merchant-Dest
Director, Security Strategies - OCTO
+1.301.351.4905 C


From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>

Subject: Vendor integrations with STIX?

All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:



Re: Vendor integrations with STIX?

Rick Holland
In reply to this post by Jani Kenttälä
I am going to collect all these vendors, reach out to their product management teams and request 30 min briefings on how they actually leverage STIX (or how they plan to and when it will be released.)  I will then write a blog on it. I won't write it up as formal Forrester research, so you don't have to be a client to see it. I will share with the list once I have completed this side project. 

Rick 



On Thu, Jun 5, 2014 at 3:29 AM, Jani Kenttälä <[hidden email]> wrote:
Hi! Could there also be a short description (like 1-3 sentences) of how the vendor utilises STIX and in which products?


On 05 Jun 2014, at 11:15, Sarah Brown <[hidden email]> wrote:

> Fox-IT should also be included.
>
> Thank you,
> Sarah Brown
>
>
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim P
> Sent: Thursday, June 05, 2014 4:32 AM
> To: [hidden email]
> Cc: Holland, Rick
> Subject: Re: Vendor integrations with STIX?
>
> Please add threatTRANSFORM to the Open Source list.
>
>
> On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:
> Please add  Blue Coat.  Thanks, Rick.
>
> Best,
>
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C
> <image001.png>
>
>
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <[hidden email]>
>
> Subject: Vendor integrations with STIX?
>
> All,
>
> I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:
>       • HP
>       • Microsoft
>       • Bromium
>       • Checkpoint
>       • Malcovery
>       • Vorstack
>       • ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>
> Check out my latest blog posts.
>
> Current research:
>       • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
>       • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks
>       • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>
>


--
Jani Kenttälä / +358 45 1224 601 / Head of Solutions
Clarified Networks - a Codenomicon Group company
http://fi.linkedin.com/in/janikenttala             http://twitter.com/#!/janikenttala


RE: Vendor integrations with STIX?

Collie, Byron S.

Hey Rick, do you have any intention to look at the security intelligence vendor space, beyond the product space, to look at intentions/capabilities to actively publish their reporting in STIX format?

 

Thanks

Byron

 

=====================================
Byron Collie
Vice President, Director of Cyber Intelligence
Technology Risk
Goldman Sachs

Off Tel: + 1 212-357-1207
Cell Tel: + 1 551-358-3848
Please consider the environment before printing this e-mail.
   
NOTICE TO RECIPIENTS: This message may contain information that is confidential or privileged.  If you are not the intended recipient, please advise the sender immediately and delete this message.  See http://www.gs.com/disclaimer/email  for further information on confidentiality and the risks inherent in electronic communication.

 

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Holland, Rick
Sent: Thursday, June 05, 2014 7:52 AM
To: Jani Kenttälä
Cc: [hidden email]
Subject: Re: Vendor integrations with STIX?

 

I am going to collect all these vendors, reach out to their product management teams and request 30 min briefings on how they actually leverage STIX (or how they plan to and when it will be released.)  I will then write a blog on it. I won't write it up as formal Forrester research, so you don't have to be a client to see it. I will share with the list once I have completed this side project. 

 

Rick 


 

On Thu, Jun 5, 2014 at 3:29 AM, Jani Kenttälä <[hidden email]> wrote:

Hi! Could there also be a short description (like 1-3 sentences) of how the vendor utilises STIX and in which products?



On 05 Jun 2014, at 11:15, Sarah Brown <[hidden email]> wrote:


> Fox-IT should also be included.
>
> Thank you,
> Sarah Brown
>
>
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim P
> Sent: Thursday, June 05, 2014 4:32 AM
> To: [hidden email]
> Cc: Holland, Rick
> Subject: Re: Vendor integrations with STIX?
>
> Please add threatTRANSFORM to the Open Source list.
>
>
> On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:
> Please add  Blue Coat.  Thanks, Rick.
>
> Best,
>
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C

> <image001.png>

>
>
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <[hidden email]>
>
> Subject: Vendor integrations with STIX?
>
> All,
>
> I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:
>       • HP
>       • Microsoft
>       • Bromium
>       • Checkpoint
>       • Malcovery
>       • Vorstack
>       • ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>
> Check out my latest blog posts.
>
> Current research:
>       • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
>       • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks
>       • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>
>


--
Jani Kenttälä / +358 45 1224 601 / Head of Solutions
Clarified Networks - a Codenomicon Group company
http://fi.linkedin.com/in/janikenttala             http://twitter.com/#!/janikenttala

 


Re: Vendor integrations with STIX?

Rick Holland
Yes, I'm interested in both publishing and consumption. I actually have formal research on the intel provider space going right now as well. 



On Thu, Jun 5, 2014 at 7:13 AM, Collie, Byron S. <[hidden email]> wrote:

Hey Rick, do you have any intention to look at the security intelligence vendor space, beyond the product space, to look at intentions/capabilities to actively publish their reporting in STIX format?

 

Thanks

Byron

 

=====================================
Byron Collie
Vice President, Director of Cyber Intelligence
Technology Risk
Goldman Sachs

Off Tel: + 1 212-357-1207
Cell Tel: + 1 551-358-3848
Please consider the environment before printing this e-mail.
   

 

 

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Holland, Rick
Sent: Thursday, June 05, 2014 7:52 AM
To: Jani Kenttälä
Cc: [hidden email]


Subject: Re: Vendor integrations with STIX?

 

I am going to collect all these vendors, reach out to their product management teams and request 30 min briefings on how they actually leverage STIX (or how they plan to and when it will be released.)  I will then write a blog on it. I won't write it up as formal Forrester research, so you don't have to be a client to see it. I will share with the list once I have completed this side project. 

 

Rick 


 

On Thu, Jun 5, 2014 at 3:29 AM, Jani Kenttälä <[hidden email]> wrote:

Hi! Could there also be a short description (like 1-3 sentences) of how the vendor utilises STIX and in which products?



On 05 Jun 2014, at 11:15, Sarah Brown <[hidden email]> wrote:

> Fox-IT should also be included.
>
> Thank you,
> Sarah Brown
>
>
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim P
> Sent: Thursday, June 05, 2014 4:32 AM
> To: [hidden email]
> Cc: Holland, Rick
> Subject: Re: Vendor integrations with STIX?
>
> Please add threatTRANSFORM to the Open Source list.
>
>
> On Wed, Jun 4, 2014 at 7:17 PM, Merchant, Aubrey <[hidden email]> wrote:
> Please add  Blue Coat.  Thanks, Rick.
>
> Best,
>
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C

> <image001.png>

>
>
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <[hidden email]>
>
> Subject: Vendor integrations with STIX?
>
> All,
>
> I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list:
>       • HP
>       • Microsoft
>       • Bromium
>       • Checkpoint
>       • Malcovery
>       • Vorstack
>       • ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>
> Check out my latest blog posts.
>
> Current research:
>       • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
>       • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks
>       • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>
>

--
Jani Kenttälä / +358 45 1224 601 / Head of Solutions
Clarified Networks - a Codenomicon Group company
http://fi.linkedin.com/in/janikenttala             http://twitter.com/#!/janikenttala

 



RE: Vendor integrations with STIX?

Aharon
In reply to this post by Keith Custers

I was never a big fan of how the SCAP validation program was implemented, as I believe the costs associated with the validation hurt innovation and small startups in the space. However, there is a page from that book that I’d like to steal. Since SCAP had a large standards feature set that could be adopted, they gave out different SCAP validation levels (i.e., Scanner, asset mgt, configuration, etc.). The STIX Profile gives us all of the information we need to determine adoption, but not in an easily marketable way. An interesting idea would be to take sections of the STIX Profile and give them overall names.

 

For example:

If I have ThreatActor and Campaign sections of my profile marked as completely allowed: STIX Attribution Compliant

If I have a portion of ThreatActor and Campaign sections of my profile marked as allowed: Partial STIX Attribution Compliant

If I have a large portion of CybOX Common marked as allowed: Partial CybOX Common Compliant

If I have all portions of the CybOX Common marked as allowed: CybOX Common Compliant

And others for TTP, Indicators, STIX Common, etc, etc, etc…

 

This way when vendors respond, they could quote something like: “Yes we are adopting STIX and we plan to be Attribution and partial CybOX Common Compliant”. If you need more detail, you could then request their STIX Profile.

 

Just an idea to spur some discussion…

 

Aharon

 

DTCC Non-Confidential (White)
---------------------------------------------------
Michael “Aharon” Chernin

Security Automation

DTCC Tampa

813-470-2173 | [hidden email]

 


 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Keith Custers
Sent: Thursday, June 05, 2014 4:52 AM
To: [hidden email]
Subject: Re: Vendor integrations with STIX?

 

Funny to see how all vendors are saying they are supporting STIX but not explaining to what extent.

 

On Thu, Jun 5, 2014 at 2:17 AM, Merchant, Aubrey <[hidden email]> wrote:

Please add  Blue Coat.  Thanks, Rick.

 

Best,

 

Aubrey Merchant-Dest

Director, Security Strategies - OCTO

+1.301.351.4905 C

 

From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>


Subject: Vendor integrations with STIX?

 

All, 

 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 

  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland

Principal Analyst Security & Risk Management

+1.469.221.5359 | [hidden email] | @rickhholland

5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244

 

 

Current research:

  • Targeted-Attack Hierarchy Of Needs, Part 1 Of 2 <http://www.forrester.com/Introducing+Forresters+TargetedAttack+Hierarchy+Of+Needs+Part+1+Of+2/quickscan/-/E-RES107121?intcmp=blog:forrlink>
  • Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks <http://www.forrester.com/Brief+SR+Pros+Remain+Unprepared+To+Address+Virtualization+And+Cloud+Security+Risks/quickscan/-/E-RES107141>
  • Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection <http://www.forrester.com/Quick+Take+Cisco+Acquires+ThreatGrid+Bolstering+Advanced+Malware+Protection/fulltext/-/E-RES116861>

 

 


DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.

RE: Vendor integrations with STIX?

Jason Keirstead

It would also be good to qualify if the product supports the level Inbound or Outbound.

Some products will support integrating STIX inbound, some may support providing STIX, some may support both.

- Jason

<[hidden email]> wrote on 2014/06/05 11:14:23 AM:

> From: "Chernin, Michael A." <[hidden email]>

> To: Keith Custers <[hidden email]>, "STIX-DISCUSSION-
> [hidden email]" <[hidden email]>

> Date: 2014/06/05 11:15 AM
> Subject: RE: Vendor integrations with STIX?
> Sent by: <[hidden email]>
>
> I was never a big fan of how the SCAP validation program was
> implemented, as I believe the costs associated with the validation
> hurt innovation and small startups in the space. However, there is a
> page from that book that I’d like to steal. Since SCAP had a large
> standards feature set that could be adopted, they gave out different
> SCAP validation levels (i.e. Scanner, asset mgt, configuration, etc).
> The STIX Profile gives us all of the information we need to
> determine adoption, but not in an easily marketable way. An
> interesting idea would be to take sections of the STIX Profile and
> give them overall names.

>  
> For example:
> If I have ThreatActor and Campaign sections of my profile marked as
> completely allowed: STIX Attribution Compliant

> If I have a portion of ThreatActor and Campaign sections of my
> profile marked as allowed: Partial STIX Attribution Compliant

> If I have a large portion of CybOX Common marked as allowed: Partial
> CybOX Common Compliant

> If I have all portions of the CybOX Common marked as allowed: CybOX
> Common Compliant

> And others for TTP, Indicators, STIX Common, etc, etc, etc…
>
> This way when vendors respond, they could quote something like: “Yes
> we are adopting STIX and we plan to be Attribution and partial CybOX
> Common Compliant”. If you need more detail, you could then request
> their STIX Profile.

>  
> Just an idea to spur some discussion…
>  
> Aharon
>  
> DTCC Non-Confidential (White)
> ---------------------------------------------------
> Michael “Aharon” Chernin

> Security Automation
> DTCC Tampa
> 813-470-2173 | [hidden email]
>  
>  
> From: [hidden email] [[hidden email]
> [hidden email]] On Behalf Of Keith Custers
> Sent: Thursday, June 05, 2014 4:52 AM
> To: [hidden email]
> Subject: Re: Vendor integrations with STIX?

>  
> funny to see how all vendors are saying they are supporting STIX but not
> explaining to which extent

>  
> On Thu, Jun 5, 2014 at 2:17 AM, Merchant, Aubrey <[hidden email]
> > wrote:

> Please add  Blue Coat.  Thanks, Rick.
>  
> Best,
>  
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C
>  
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <STIX-DISCUSSION-
> [hidden email]>

>
> Subject: Vendor integrations with STIX?

>  
> All,
>  
> I am compiling a list of vendors that have publicly announced or
> have rolled out STIX integrations.  If you know of anyone that has
> done this I would appreciate hearing from you. I'm certain that I am
> missing some. My current list:

> HP
> Microsoft
> Bromium
> Checkpoint
> Malcovery
> Vorstack
> ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>  
> Check out my latest blog posts.
>  
> Current research:
> Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
> Brief: S&R Pros Remain Unprepared To Address Virtualization And
> Cloud Security Risks

> Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>  
>  
>

Re: Vendor integrations with STIX?

Mancini, Steve
Also makes me wonder if they will be using STIX profiles to define what is in “scope” for their products - ie, if someone is only concerned with a type of indicator will they frame their content by that profile, etc.

-Steve


From: Jason Keirstead <[hidden email]>
Date: Thursday, June 5, 2014 at 7:25 AM
To: "Chernin, Michael A." <[hidden email]>
Cc: Keith Custers <[hidden email]>, "[hidden email]" <[hidden email]>, "[hidden email]" <[hidden email]>
Subject: RE: Vendor integrations with STIX?


It would also be good to qualify if the product supports the level Inbound or Outbound.

Some products will support integrating STIX inbound, some may support providing STIX, some may support both.

- Jason

<[hidden email]> wrote on 2014/06/05 11:14:23 AM:

> From: "Chernin, Michael A." <[hidden email]>
> To: Keith Custers <[hidden email]>, "STIX-DISCUSSION-
> [hidden email]" <[hidden email]>
> Date: 2014/06/05 11:15 AM
> Subject: RE: Vendor integrations with STIX?
> Sent by: <[hidden email]>
>
> I was never a big fan of how the SCAP validation program was
> implemented, as I believe the costs associated with the validation
> hurt innovation and small startups in the space. However, there is a
> page from that book that I’d like to steal. Since SCAP had a large
> standards feature set that could be adopted, they gave out different
> SCAP validation levels (i.e. Scanner, asset mgt, configuration, etc).
> The STIX Profile gives us all of the information we need to
> determine adoption, but not in an easily marketable way. An
> interesting idea would be to take sections of the STIX Profile and
> give them overall names.
>
> For example:
> If I have ThreatActor and Campaign sections of my profile marked as
> completely allowed: STIX Attribution Compliant
> If I have a portion of ThreatActor and Campaign sections of my
> profile marked as allowed: Partial STIX Attribution Compliant
> If I have a large portion of CybOX Common marked as allowed: Partial
> CybOX Common Compliant
> If I have all portions of the CybOX Common marked as allowed: CybOX
> Common Compliant
> And others for TTP, Indicators, STIX Common, etc, etc, etc…
>
> This way when vendors respond, they could quote something like: “Yes
> we are adopting STIX and we plan to be Attribution and partial CybOX
> Common Compliant”. If you need more detail, you could then request
> their STIX Profile.
>
> Just an idea to spur some discussion…
>
> Aharon
>
> DTCC Non-Confidential (White)
> ---------------------------------------------------
> Michael “Aharon” Chernin
> Security Automation
> DTCC Tampa
> 813-470-2173 | [hidden email]
>
>
> From: [hidden email] [mailto:owner-stix-
> [hidden email]] On Behalf Of Keith Custers
> Sent: Thursday, June 05, 2014 4:52 AM
> To: [hidden email]
> Subject: Re: Vendor integrations with STIX?
>
> funny to see how all vendors are saying they are supporting STIX but not
> explaining to which extent
>
> On Thu, Jun 5, 2014 at 2:17 AM, Merchant, Aubrey <[hidden email]>
> wrote:
> Please add  Blue Coat.  Thanks, Rick.
>
> Best,
>
> Aubrey Merchant-Dest
> Director, Security Strategies - OCTO
> +1.301.351.4905 C
>
> From: <Holland>, Rick <[hidden email]>
> Date: Wednesday, June 4, 2014 at 9:48 AM
> To: "[hidden email]" <STIX-DISCUSSION-
> [hidden email]>
>
> Subject: Vendor integrations with STIX?
>
> All,
>
> I am compiling a list of vendors that have publicly announced or
> have rolled out STIX integrations.  If you know of anyone that has
> done this I would appreciate hearing from you. I'm certain that I am
> missing some. My current list:
> HP
> Microsoft
> Bromium
> Checkpoint
> Malcovery
> Vorstack
> ThreatConnect
> Rick Holland
> Principal Analyst Security & Risk Management
> +1.469.221.5359 | [hidden email] | @rickhholland
> 5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
>
> Check out my latest blog posts.
>
> Current research:
> Targeted-Attack Hierarchy Of Needs, Part 1 Of 2
> Brief: S&R Pros Remain Unprepared To Address Virtualization And
> Cloud Security Risks
> Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection
>
>
>

Re: Vendor integrations with STIX?

Jordan, Bret
In reply to this post by Aharon
I like the idea, however, that assumes at least on the consumption side that the vendor is not just saying we want it all, and are going to throw away stuff on the back side that we do not care about.  As I work for one of the vendors I can see several levels of adoption.

1) Products XYZ will be able to consume STIX packages
2) An analyst will be able to manually create a STIX package from the tool or the product will create some STIX packages auto-magically 
3) The vendor is sharing or peering part or all of its content with customers (either as a paid for service or community).

The reality is, and something I think DHS has hit on, is there is a lot of really valuable Cyber Intel out there.  The problem is, we do not currently all talk or share that intel.  So while I may have a chunk of Cyber Observables, it would be nice if I could peer with someone that has TTP or Campaign information and then peer with someone like DHS that might have ThreatActor information.   But I do not see any one vendor having all of that.  I see vendors doing items 1, 2, or 3 above.  




Thanks,
Bret
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


Blue Coat Systems
10713 South Jordan Gateway, Suite 100
South Jordan, UT 84095

On Jun 5, 2014, at 8:14 AM, Chernin, Michael A. <[hidden email]> wrote:

I was never a big fan of how the SCAP validation program was implemented, as I believe the costs associated with the validation hurt innovation and small startups in the space. However, there is a page from that book that I’d like to steal. Since SCAP had a large standards feature set that could be adopted, they gave out different SCAP validation levels (i.e. Scanner, asset mgt, configuration, etc). The STIX Profile gives us all of the information we need to determine adoption, but not in an easily marketable way. An interesting idea would be to take sections of the STIX Profile and give them overall names.
 
For example:
If I have ThreatActor and Campaign sections of my profile marked as completely allowed: STIX Attribution Compliant
If I have a portion of ThreatActor and Campaign sections of my profile marked as allowed: Partial STIX Attribution Compliant
If I have a large portion of CybOX Common marked as allowed: Partial CybOX Common Compliant
If I have all portions of the CybOX Common marked as allowed: CybOX Common Compliant
And others for TTP, Indicators, STIX Common, etc, etc, etc…
 
This way when vendors respond, they could quote something like: “Yes we are adopting STIX and we plan to be Attribution and partial CybOX Common Compliant”. If you need more detail, you could then request their STIX Profile.
 
Just an idea to spur some discussion…
 
Aharon
 
DTCC Non-Confidential (White)
---------------------------------------------------
Michael “Aharon” Chernin
Security Automation
DTCC Tampa
813-470-2173 | [hidden email]
 
 
From: [hidden email] [[hidden email]] On Behalf Of Keith Custers
Sent: Thursday, June 05, 2014 4:52 AM
To: [hidden email]
Subject: Re: Vendor integrations with STIX?
 
funny to see how all vendors are saying they are supporting STIX but not explaining to which extent

 

On Thu, Jun 5, 2014 at 2:17 AM, Merchant, Aubrey <[hidden email]> wrote:
Please add  Blue Coat.  Thanks, Rick.
 
Best,
 
Aubrey Merchant-Dest
Director, Security Strategies - OCTO
+1.301.351.4905 C
 
From: <Holland>, Rick <[hidden email]>
Date: Wednesday, June 4, 2014 at 9:48 AM
To: "[hidden email]" <[hidden email]>

Subject: Vendor integrations with STIX?
 
All, 
 
I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect
Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244
 
 
Current research:
 
 


Re: Vendor integrations with STIX?

Cody Cornell
In reply to this post by Rick Holland

Rick,


Please include Swimlane for Security Operations and Compliance on the list of “to be” STIX data consumers.


Swimlane’s roadmap (Q4 2014) includes the ingestion of STIX data to augment the event/incident management and resolution processes.  The threat intel is used to enrich the event a security analyst is evaluating and resolving, as well as providing visualization of threat intel data to provide situational awareness and context when resolving events.  Internally we have an interest in developing a capability to assist security analysts with creating, modifying, improving and reusing the threat intel data they have as part of the “measure and improve” portion of event/incident management, but that capability has not officially been placed on our roadmap.


WARNING…Marketing Pitch Ahead!


What is Swimlane? Swimlane for Security Operations and Compliance is a security case management and workflow solution, specifically designed to integrate with existing security solutions to place created events into standardized, automated and measurable workflows, improving your ability to resolve security operation and compliance tasks. Swimlane was designed to reduce the countless hours businesses spend gathering and manipulating data in spreadsheets, creating charts, filling out PDF forms, entering data in web portals, emailing reports and manually copying and pasting data from one application to another.


Swimlane is not currently publicly available, but is being evaluated by Civilian Federal, DoD and Fortune 500 organizations to provide CISOs and CIOs tangible metrics dashboards, standardize, measure and improve incident response capability and reduce operation’s staff workloads.


Thanks,

Cody



Cody Cornell | Founder - Phoenix Data Security Inc. | www.phxdatasec.com | [hidden email] | M: 928-587-0170 | O: 480-967-0650 | @workhardr


On Wed, Jun 4, 2014 at 6:48 AM, Holland, Rick <[hidden email]> wrote:
All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:



Re: Vendor integrations with STIX?

Greg Martin
In reply to this post by Rick Holland
Hi Rick,

ThreatStream Optic has supported STIX input and output for 11 months now.

Greg


On Wed, Jun 4, 2014 at 6:48 AM, Holland, Rick <[hidden email]> wrote:
All, 

I am compiling a list of vendors that have publicly announced or have rolled out STIX integrations.  If you know of anyone that has done this I would appreciate hearing from you. I'm certain that I am missing some. My current list: 
  • HP
  • Microsoft
  • Bromium
  • Checkpoint
  • Malcovery
  • Vorstack
  • ThreatConnect

Rick Holland
Principal Analyst Security & Risk Management
+1.469.221.5359 | [hidden email] | @rickhholland
5001 Spring Valley Road, Suite 200-E | Dallas, TX 75244


Current research:




--
Greg Martin | Chief Technical Officer | www.threatstream.com 
401 Warren Street, Ste 200 | Redwood City, CA 94063 
Phone:  408-800-4050 |  Twitter:  @threatstream 

Operationalize / Detect / Disrupt
