Key Cyber Threat Intelligence Sharing Standards Put to the Test
Boston, MA, USA, 18 October, 2022 – The OASIS Cyber Threat Intelligence Technical Committee (CTI TC) conducted its first STIX 2.1 and TAXII 2.1 PlugFest, hosted by Peraton. Members of the CTI TC confirmed the multi-vendor interoperability of their CTI tools and verified their compliance with the STIX 2.1 and TAXII 2.1 Interoperability Test Documents.
The STIX and TAXII standards are widely used to prevent and defend against cyberattacks by enabling threat intelligence to be analyzed and shared among trusted partners and communities. The CTI TC Interoperability Subcommittee (SC) helps guide adherence to CTI TC-promulgated standards and interoperability between CTI TC standards-based implementations, while encouraging standards maturity throughout the industry.
“The PlugFest was a collaborative, hybrid experience with both in-person and virtual attendees. It was a successful event, with levels of interoperability achieved among the participants,” said CTI TC Interoperability SC co-chair, Kartikey Desai, of MITRE. “Participants shared ideas about user interfaces and features while planning future opportunities for more efficient data creation and processing.”
“This event brings visibility to the growing list of organizations that support interoperability adoption,” said Marlon Taylor of the U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (DHS CISA), who co-chairs the Interoperability SC with Desai. “We encourage any organization involved in CTI to collaborate with us and demonstrate their support for STIX and TAXII at future PlugFest events.”
“We have always given great importance to STIX2/TAXII2 interoperability testing and are fortunate to have participated in many PlugFest events over the years, ever since the very first PlugFest in 2018,” said Koji Yamada, Research Manager at Fujitsu System Integration Laboratories LTD. “In this year’s PlugFest, although we passed most interoperability tests, we have identified areas for future improvement. We strongly encourage all software vendors that use STIX 2.1 and TAXII 2.1 standards to participate in future PlugFest interoperability events.”
“Participation in PlugFest events shows vendor commitment to STIX and TAXII interoperability compliance,” said Marlon Taylor. “Standardizing the promotion of STIX and TAXII compliance would ease consumer evaluation of interoperable STIX and TAXII products.”
OASIS and the CTI TC’s Interoperability Subcommittee commends all participants for a successful event and is grateful to Peraton for hosting the PlugFest at their facility outside Washington, DC.
Any organization that is developing STIX 2.1/TAXII 2.1 capabilities is encouraged to get involved. Organizations interested in participating in the OASIS CTI TC Interoperability Subcommittee and future events should contact email@example.com.
About STIX 2.1 and TAXII 2.1
Structured Threat Information Expression (STIX) v2.1 and Trusted Automated Exchange of Intelligence Information (TAXII) v2.1 are widely used to prevent and defend against cyberattacks by enabling threat intelligence to be analyzed and shared among trusted partners and communities. The STIX standard defines a JSON-based language for sharing structured threat intelligence in a consistent, machine-readable manner, allowing organizations to better protect against, detect, and respond to cyber threats. STIX v2.1 adds new objects and capabilities, enabling it to better describe the cyber threats we confront today, as well as future-proofing STIX via STIX Extensions. As a result, STIX v2.1 creates a solid and stable foundation for vendors and consumers alike to exchange actionable CTI.
The TAXII standard defines a transport protocol which supports the exchange of STIX data over Hyper Text Transfer Protocol Secure (HTTPS). TAXII enables machine-to-machine sharing of CTI by defining an API that supports common sharing models used by industry and Information Sharing and Analysis Organizations (ISAOs).