Saturday, August 22, 2015

White Paper: Using Network Based Security Systems to Search for STIX and TAXII Based Indicators of Compromise


This paper does a pretty good job of highlighting tools that detect that an organization has been breached, with the hope that the breach is caught very early in the process.

First we meet the Mandiant-led Common Indicators of Compromise (IOCs). Not rocket science, but really helpful: hashes of known malicious files, IP addresses or DNS names, and much more. The next piece of the puzzle is the Uber competitors, STIX and TAXII. Well, actually, they are a NIST standard that looks like it will stick. Mostly you read some high-level mumbo jumbo about them, but this is your chance for a deep dive, or at least a 3 atm free dive. These are real, concrete examples.
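As an added illustration (my own code, not from the paper or this post), here is a small Python example of what a network-based search for STIX-carried IOCs boils down to: it pulls the simple equality patterns (IPv4 address, domain name, file hash) out of a constructed STIX 2.1-style bundle and looks for them in constructed DNS, flow and proxy log lines. The indicator values and log lines are made up, and only single-comparison patterns are handled.

```python
import json
import re
# Constructed STIX 2.1-style bundle with sample values (RFC 5737 documentation
# addresses and the MD5 of the empty string), not real indicators of compromise.
STIX_BUNDLE = json.loads("""{"type": "bundle", "id": "bundle--constructed", "objects": [
  {"type": "indicator", "id": "indicator--ip-1", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '203.0.113.42']"},
  {"type": "indicator", "id": "indicator--dns-1", "pattern_type": "stix",
   "pattern": "[domain-name:value = 'Bad.Example.NET']"},
  {"type": "indicator", "id": "indicator--hash-1", "pattern_type": "stix",
   "pattern": "[file:hashes.MD5 = 'D41D8CD98F00B204E9800998ECF8427E']"},
  {"type": "indicator", "id": "indicator--compound", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '198.51.100.9'] AND [url:value = 'x']"}]}""")
# Constructed network log lines (DNS, flow, proxy) in a simple key=value form.
LOG_LINES = [
    "2015-08-22T10:00:01Z dns client=10.0.0.5 query=bad.example.net type=A",
    "2015-08-22T10:00:02Z flow src=10.0.0.5 dst=203.0.113.42 dport=443",
    "2015-08-22T10:00:03Z flow src=10.0.0.6 dst=203.0.113.4 dport=80",
    "2015-08-22T10:00:04Z proxy client=10.0.0.7 url=http://files.example.org/a.exe"
    " md5=d41d8cd98f00b204e9800998ecf8427e",
]
# Only the simplest STIX pattern form is handled: one equality comparison with a
# single-quoted value; compound or LIKE/MATCHES patterns are skipped.
SIMPLE_PATTERN = re.compile(
    r"^\[(?P<obj>[\w-]+):(?P<prop>[\w.'-]+)\s*=\s*'(?P<val>[^']*)'\]$")

def extract_atoms(bundle):
    """Return (indicator_id, object_type, property, lowercased value) tuples."""
    atoms = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = SIMPLE_PATTERN.match(obj["pattern"].strip())
        if m:  # unsupported patterns are simply not searchable this way
            atoms.append((obj["id"], m["obj"], m["prop"], m["val"].lower()))
    return atoms

def tokens(line):
    """Lowercase whole tokens, so 203.0.113.4 cannot match inside 203.0.113.42."""
    return set(re.split(r"[\s=/:,]+", line.lower()))

def search_logs(bundle, lines):
    """Return [(indicator_id, line_number)] for each log line holding an atom."""
    atoms = extract_atoms(bundle)
    hits = []
    for n, line in enumerate(lines, start=1):
        toks = tokens(line)
        hits.extend((ind_id, n) for ind_id, _o, _p, val in atoms if val in toks)
    return hits
```

Splitting on ":" means IPv6 literals are not handled here; a production matcher would parse each log format's fields rather than tokenize free text.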

If you are a senior cybersecurity manager, your eyes will glaze over when you get to the good stuff. But before you close the paper, scan down and find an example or two you are comfortable with. Copy them off and keep them in a folder. When you are part of a job interview for a senior security engineer position, the kind of person who commands a $140k salary, bring out the folder and ask the candidate to tell you about it.

I encourage you, and your employer encourages you, to at least speed-read the paper, which is available here.


