As we’ve heard, it is becoming increasingly necessary for a broad range of organizations to have a cyber threat intelligence capability. A key component of success for any such capability is information sharing opportunities with the partners, peers and others they elect to trust. Voluntary information sharing can help focus and prioritize the use of the immense volumes of complex cyber security information available to organizations today. Standardized, structured representations of this data make it tractable. The STIX language is meant to convey the full range of cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible, while relying on relatively simple toolsets. But what does it take to make structured info sharing an operational reality? This session will describe operational implementations and real-world lessons learned from key implementers.
