Speaker: Trey Darley, Director of Standards, New Context
Session Track: Analytics, Intelligence & Response
Session Code: AIR-F02
Scheduled Date: April 20, 2018
Scheduled Time: 10:15 AM – 11:00 AM
Imagine a world in which information-security vendors’ products all spoke a common language out of the box. Picture a world in which your security analysts and incident responders didn’t have to address emerging threats isolated within the silo of your organization, but could leverage the collective intelligence of other security professionals confronting the same emerging threats in other organizations via information-sharing trust groups. This is the world we are building, and it all starts with open standards, including STIX.
The STIX Patterning Language is perhaps the most innovative addition to STIX 2.0, yet it is poorly understood. Trey Darley, Director of Standards at New Context, explains that beyond describing IOCs, powerful new capabilities are being added as the language evolves towards the ultimate vision of an open interchange format for vendor-agnostic sharing of advanced analytics (such as SIEM correlation rules) across organizations and platforms.
Trey’s discussion will leave you with a better understanding of the power of STIX Patterning and a vision for why you should be demanding adoption by your tool vendors. He also wanted to make life easier for folks coming up to speed on STIX Patterning, so he created a handy quick reference card. Printed copies of the STIX Patterning quick reference card will be available during Trey’s presentation and at the New Context booth.