News & Events
MITRE Hosts CybOX Booth at InfoSec World 2013
MITRE hosted a "Strengthening Cyber Defense" booth that included CybOX at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013.
Visit the CybOX Calendar for information on this and other events.
CybOX Version 2.0 Now Available
Version 2.0 of the CybOX Language is now available on the CybOX Web site. This is a major version release, per the CybOX Language Version Policy.
Version 2.0 includes the following updates: significant changes to the CybOX Object model, easing implementation and extensibility; moved many usages of enumerations and strings to controlled vocabularies with CybOX-provided defaults as well as extension mechanisms; created PDF File Object, Custom Object, Link Object, and Socket Object; and refined the expression of Observable patterns through new pattern conditions and associated attributes.
A detailed list of changes is available in the Release Notes posted on the CybOX Language Version 2.0 page.
Feedback is welcome on the CybOX Discussion email list and/or directly to cybox@mitre.org.
CybOX and STIX Mentioned in Forrester Research Report about Cyber Threat Intelligence
CybOX and Structured Threat Information Expression (STIX™) are mentioned in a January 15, 2013 report about cyber threat intelligence entitled "Five Steps To Build An Effective Threat Intelligence Capability" by Forrester Research, Inc. that is available for purchase on the Forrester Web site.
CybOX is mentioned as step number 5 in a section entitled "Your Threat Intelligence Journey," in which the author states: "Step No. 5: Derive Intel: Search for indicators of compromise (IOCs). When attackers compromise organizations, they leave behind evidence. An analyst can piece together these breadcrumbs to understand the anatomy of an attack. An IOC "is a forensic artifact or remnant of an intrusion that can be identified on a host or network." Organizations should be able to quickly query endpoints and networks looking for these IOCs. Several competing frameworks exist for tracking IOCs. They include: MITRE’s Cyber Observable eXpression (CybOX), Mandiant-sponsored OpenIOC, and community-sponsored Incident Object Description and Exchange Format (IODEF)."
STIX is mentioned as consideration number one in a section entitled "Three Special Considerations for Your Intelligence Journey," in which the author states: "No. 1: You Should Be Sharing Intelligence. Intelligence sharing has traditionally been a manual process, built on personal relationships and typically delivered through privately vetted lists. This manual process has devalued some intelligence because it cannot disseminate it in a timely fashion. You should use a framework for sharing intelligence. In addition to the IOC frameworks mentioned above, a new framework, Structured Threat Information Expression (STIX), has emerged. STIX is sponsored by the Department of Homeland Security (DHS) and maintained by MITRE. STIX aims to make intelligence sharing with context occur at wire speed."
The report is also available for purchase as a webinar.
Photos from CybOX Booth at RSA 2013
MITRE hosted a "Strengthening Cyber Defense" booth that included CybOX at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.
Strengthening Cyber Defense booth photos:
Visit the CybOX Calendar for information on this and other events.
MITRE to Host CybOX Booth at InfoSec World 2013, April 15-17
MITRE will host a "Strengthening Cyber Defense" booth that includes CybOX at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Members of the CybOX Team will be in attendance. Please stop by Booth 313 and say hello!
Visit the CybOX Calendar for information on this and other events.
MITRE Hosts CybOX Booth at RSA 2013
MITRE hosted a "Strengthening Cyber Defense" booth that included CybOX at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.
Visit the CybOX Calendar for information on this and other events.
Cyber Attack Analysis and Information Sharing Briefing at IPA Critical Infrastructure Information Security Symposium 2013
CybOX Program Manager Sean Barnum presented a briefing entitled "Cyber Attack Analysis and Information Sharing in the U.S.: Promoting the sharing and utilization of the Analyzed Information" that included discussion of Trusted Automated eXchange of Indicator Information (TAXII™), Structured Threat Information Expression (STIX™), and Cyber Observable eXpression (CybOX™) at IPA Critical Infrastructure Information Security Symposium 2013 on February 22, 2013 in Chiyoda-ku City, Tokyo.
Visit the CybOX Calendar for information on this and other events.
Information Sharing Discussion Panel at ShmooCon 2013
CybOX Program Manager Sean Barnum moderated a discussion panel entitled "Is Practical Information Sharing Possible?" that included discussion of Trusted Automated eXchange of Indicator Information (TAXII™), Structured Threat Information Expression (STIX™), and Cyber Observable eXpression (CybOX™) at ShmooCon 2013 on February 17, 2013 in Washington, D.C., USA.
Visit the CybOX Calendar for information on this and other events.
CybOX 2.0 Now in Development
Version 2.0 of the CybOX Language is now actively under development.
Community feedback and our own internal reviews have identified several important ways to simplify and improve the CybOX Language, but many of them will likely not be backwards compatible. Over the next few weeks, we will be posting specific proposals to the CybOX Community Discussion List for community review. If you are interested in being part of this conversation, we encourage you to join the CybOX Community Email Discussion List.
We are also very much interested in any additional feedback that you might have on CybOX in general and your ongoing guidance as we mature the language. We look forward to working with the community to create the next version of the CybOX Language. Please direct your comments to the CybOX Community Discussion List, or you may contact us at cybox@mitre.org.
Information Sharing Discussion Panel at ShmooCon 2013, February 17
CybOX Program Manager Sean Barnum will moderate a discussion panel entitled "Is Practical Information Sharing Possible?" that will include discussion of Trusted Automated eXchange of Indicator Information (TAXII™), Structured Threat Information Expression (STIX™), and Cyber Observable eXpression (CybOX™) at ShmooCon 2013 on February 17, 2013 in Washington, D.C., USA.
The discussion panel will focus on information sharing in today’s complex environment. "Numerous government policies require sharing of information across agencies and with the public. And as more and more corporations discover they and their peers have been compromised, IT security organizations face more pressure to share attack and threat information internally and with external partners. … If your organization isn’t prepared to act on the data in a meaningful and efficient manner, what is the point of sharing? [By] the end of the discussion you’ll have a better idea as to whether threat information sharing is right for your organization and how to successfully integrate it into your information security program."
Visit the CybOX Calendar for information on this and other events.
Cyber Attack Analysis and Information Sharing Briefing at IPA Critical Infrastructure Information Security Symposium 2013, February 22
CybOX Program Manager Sean Barnum will present a briefing entitled "Cyber Attack Analysis and Information Sharing in the U.S.: Promoting the sharing and utilization of the Analyzed Information" that will include discussion of Trusted Automated eXchange of Indicator Information (TAXII™), Structured Threat Information Expression (STIX™), and Cyber Observable eXpression (CybOX™) at IPA Critical Infrastructure Information Security Symposium 2013 on February 22, 2013 in Chiyoda-ku City, Tokyo.
Visit the CybOX Calendar for information on this and other events.
MITRE to Host CybOX Booth at RSA 2013, February 25 – March 1
MITRE will host a "Strengthening Cyber Defense" booth that includes CybOX at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Members of the CybOX Team will be in attendance. Please stop by Booth 2617 and say hello!
Visit the CybOX Calendar for information on this and other events.
MITRE Announces Initial CybOX Calendar of Events for 2013
MITRE has announced its initial CybOX calendar of events for 2013. Details regarding MITRE’s scheduled participation at these events are noted on the CybOX Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.
- ShmooCon 2013, February 17, 2013
- RSA Conference 2013, February 21-March 1, 2013
- InfoSec World Conference & Expo 2013, April 15-17, 2013
- Black Hat Briefings 2013, July 27-August 1, 2013
Other events may be added throughout the year. Visit the CybOX Calendar for information or contact cybox@mitre.org to have MITRE present a briefing or participate in a panel discussion about CybOX™ at your event.
|
