Cyber threat intelligence (CTI) sharing is a low barrier to entry, high return on investment method for improving an organization’s cybersecurity maturity. Sharing actionable threat intelligence—to include known-bad IP addresses, URLs, and file hashes—with trusted partners creates a powerful defensive web that transforms one organization’s detection into protection for remaining partners.
In healthcare, CTI sharing benefits have not been fully realized. The technology has matured with the emergence of standards and supporting tools, and the timing is excellent for making demonstrable CTI sharing progress. This presentation will delve into the key tools and technologies that make CTI sharing possible; it will explain the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) CTI sharing standards, describe current CTI sharing tools, and enumerate healthcare CTI sharing success stories and lessons learned.
Explain the Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) standards and how they enable automated cyber threat sharing
Identify and describe threat sharing tools that leverage STIX and TAXII and how they can be effectively used in your environment
Discuss STIX/TAXII use cases and implementation success stories that showcase effective cyber threat sharing and highlight key lessons learned
Describe what a cyber threat–based defense is and how it is effective in combatting sophisticated cyber adversaries