[cti-users] Who is doing what?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[cti-users] Who is doing what?

Jordan, Bret
I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  

For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.

For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

[cti-users] RE: Who is doing what?

David Henry Eilken

Bret,

 

I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community.

 

I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date.

 

Dave

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 10:41 AM
To: [hidden email]
Subject: [cti-users] Who is doing what?

 

I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  

 

For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.

 

For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

Reply | Threaded
Open this post in threaded view
|

Re: [cti-users] RE: Who is doing what?

pmaroney
Suggest one start with : http://stixproject.github.io/supporters/

If you havent  registered your related efforts: https://docs.google.com/forms/d/1phQjHtahwh28-GPDvvmxzW_3UFbYSPDeyJ_21XpP1wc/viewform?c=0&w=1

Patrick Maroney




On Fri, Sep 4, 2015 at 11:09 AM -0700, "David Henry Eilken" <[hidden email]> wrote:

Bret,

 

I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community.

 

I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date.

 

Dave

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 10:41 AM
To: [hidden email]
Subject: [cti-users] Who is doing what?

 

I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  

 

For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.

 

For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

Reply | Threaded
Open this post in threaded view
|

[cti-users] Re: Who is doing what?

Jordan, Bret
In reply to this post by David Henry Eilken
I have a pretty good track record of honoring the implied NDAs when I talk with groups about what they are doing, helping them work through issues with STIX/TAXII, or discussing how they might use CTI in my vision of the SOC of the future.  

But to your request, I will be more than willing to share any information or anonymized version that I am told is public and not restricted.   I will, however, always share my summaries, conclusions, and take aways as those can be anonymized to a point where no intellectual property or trade secrets will be exposed. 

I just really want this research to help me do a better job representing the community.  


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Sep 4, 2015, at 12:09, David Henry Eilken <[hidden email]> wrote:

Bret,
 
I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community.
 
I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date.
 
Dave
 
From: [hidden email] [[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 10:41 AM
To: [hidden email]
Subject: [cti-users] Who is doing what?
 
I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  
 
For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.
 
For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.

 

Thanks,
 
Bret
 
 
 
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


signature.asc (859 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

[cti-users] RE: Who is doing what?

Struse, Richard

All,

 

As Dave Eilken pointed out, we will be establishing a formal interoperability SC within the OASIS CTI TC next week for exactly this purpose.  It is not in the interests of the CTI TC for any one individual, however well-meaning, to designate himself as either the representative of the CTI TC to the outside world as the primary conduit for this type of information.  Therefore, I would ask that anyone interested in sharing their use-cases and other implementation experiences do so with the designated representatives of the TC operating under the charter of the Interoperability SC.

 

Thank you.

 

Rich

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 2:31 PM
To: David Henry Eilken
Cc: [hidden email]
Subject: [cti-users] Re: Who is doing what?

 

I have a pretty good track record of honoring the implied NDAs when I talk with groups about what they are doing, helping them work through issues with STIX/TAXII, or discussing how they might use CTI in my vision of the SOC of the future.  

 

But to your request, I will be more than willing to share any information or anonymized version that I am told is public and not restricted.   I will, however, always share my summaries, conclusions, and take aways as those can be anonymized to a point where no intellectual property or trade secrets will be exposed. 

 

I just really want this research to help me do a better job representing the community.  

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

On Sep 4, 2015, at 12:09, David Henry Eilken <[hidden email]> wrote:

 

Bret,

 

I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community.

 

I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date.

 

Dave

 

From: [hidden email] [[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 10:41 AM
To: [hidden email]
Subject: [cti-users] Who is doing what?

 

I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  

 

For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.

 

For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 


smime.p7s (9K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

[cti-users] Re: Who is doing what?

Jordan, Bret
I am not looking at this as a formal interoperability exercise, and as I said in my email, this is a personal request.  So yes, I would love to talk to everyone that is doing something in and around CTI, please contact me off list to discuss.

Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Sep 4, 2015, at 14:20, Struse, Richard <[hidden email]> wrote:

All,
 
As Dave Eilken pointed out, we will be establishing a formal interoperability SC within the OASIS CTI TC next week for exactly this purpose.  It is not in the interests of the CTI TC for any one individual, however well-meaning, to designate himself as either the representative of the CTI TC to the outside world as the primary conduit for this type of information.  Therefore, I would ask that anyone interested in sharing their use-cases and other implementation experiences do so with the designated representatives of the TC operating under the charter of the Interoperability SC.
 
Thank you.
 
Rich
 
From: [hidden email] [[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 2:31 PM
To: David Henry Eilken
Cc: [hidden email]
Subject: [cti-users] Re: Who is doing what?
 
I have a pretty good track record of honoring the implied NDAs when I talk with groups about what they are doing, helping them work through issues with STIX/TAXII, or discussing how they might use CTI in my vision of the SOC of the future.  
 
But to your request, I will be more than willing to share any information or anonymized version that I am told is public and not restricted.   I will, however, always share my summaries, conclusions, and take aways as those can be anonymized to a point where no intellectual property or trade secrets will be exposed. 
 
I just really want this research to help me do a better job representing the community.  

 

Thanks,
 
Bret
 
 
 
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 
 
On Sep 4, 2015, at 12:09, David Henry Eilken <[hidden email]> wrote:
 
Bret,
 
I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community.
 
I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date.
 
Dave
 
From: [hidden email] [[hidden email]] On Behalf Of Jordan, Bret
Sent: Friday, September 04, 2015 10:41 AM
To: [hidden email]
Subject: [cti-users] Who is doing what?
 
I have a personal request.... I would like to get to know who is doing what today with CTI.  I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house.  
 
For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases.  And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution.
 
For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security.

 

Thanks,
 
Bret
 
 
 
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 


signature.asc (859 bytes) Download Attachment