Cyber Kill Chain

Lockheed Martin's Cyber Kill Chain

Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for certain actors. A new class of threats, appropriately dubbed the “Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive economic, proprietary, or national security information. These adversaries accomplish their goals using advanced tools and techniques designed to defeat most conventional computer network defense mechanisms. Network defense techniques which leverage knowledge about these adversaries can create an intelligence feedback loop, enabling defenders to establish a state of information superiority which decreases the adversary’s likelihood of success with each subsequent intrusion attempt. Using a kill chain model to describe phases of intrusions, mapping adversary kill chain indicators to defender courses of action, identifying patterns that link individual intrusions into broader campaigns, and understanding the iterative nature of intelligence gathering form the basis of intelligence-driven computer network defense (CND). Institutionalization of this approach reduces the likelihood of adversary success, informs network defense investment and resource prioritization, and yields relevant metrics of performance and effectiveness. The evolution of advanced persistent threats necessitates an intelligence-based model because in this model the defenders mitigate not just vulnerability, but the threat component of risk, too.

Source: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

STIX and TAXII

STIX™ is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible.

TAXII™ defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries. TAXII, through its member specifications, defines concepts, protocols, and message exchanges to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats. TAXII is not a specific information sharing initiative or application and does not attempt to define trust agreements, governance, or other non-technical aspects of cyber threat information sharing. Instead, TAXII empowers organizations to achieve improved situational awareness about emerging threats, enabling organizations to share the information they choose with the partners they choose.
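The two sections above meet in practice when indicators are shared in STIX: an indicator can be tagged with the kill chain phase it belongs to, so a defender can see which phases of a campaign are covered by detections and which are not. The following is an added example, not code from the page or from the STIX project; it assumes STIX 2.1 (the page does not name a version), its `kill_chain_phases` property with the kill chain name `lockheed-martin-cyber-kill-chain`, and uses constructed sample indicators.

```python
import re
import uuid
from datetime import datetime, timezone

# Seven phases of the Lockheed Martin Cyber Kill Chain, in order.
KILL_CHAIN = "lockheed-martin-cyber-kill-chain"
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command-and-control", "actions-on-objectives"]
ID_RE = re.compile(r"^indicator--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")  # STIX 2.1 id: "<type>--<UUID>"
REQUIRED = ("type", "spec_version", "id", "created", "modified", "pattern", "pattern_type", "valid_from")

def make_indicator(name, pattern, phase, when=None):
    """Build a STIX 2.1 Indicator dict tagged with one kill chain phase."""
    if phase not in PHASES:
        raise ValueError(f"unknown kill chain phase: {phase}")
    ts = (when or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts, "valid_from": ts,
        "name": name, "pattern": pattern, "pattern_type": "stix",
        "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN, "phase_name": phase}],
    }

def validate_indicator(obj):
    """Return a list of problems; an empty list means the object passed the checks."""
    problems = [f"missing required property {k}" for k in REQUIRED if k not in obj]
    if obj.get("type") != "indicator":
        problems.append("type must be 'indicator'")
    if not ID_RE.match(obj.get("id", "")):
        problems.append("id is not of the form indicator--<uuid>")
    for kcp in obj.get("kill_chain_phases", []):
        if kcp.get("kill_chain_name") == KILL_CHAIN and kcp.get("phase_name") not in PHASES:
            problems.append(f"unknown kill chain phase {kcp.get('phase_name')}")
    return problems

def phase_coverage(indicators):
    """Map each phase to the indicator names covering it; an empty list is a phase with no detection."""
    coverage = {p: [] for p in PHASES}
    for obj in indicators:
        for kcp in obj.get("kill_chain_phases", []):
            if kcp.get("kill_chain_name") == KILL_CHAIN:
                coverage[kcp["phase_name"]].append(obj.get("name", obj["id"]))
    return coverage

# Constructed sample campaign (not real indicators): a lure e-mail and its C2 domain.
CAMPAIGN = [
    make_indicator("lure e-mail", "[email-message:subject = 'Invoice attached']", "delivery"),
    make_indicator("C2 domain", "[domain-name:value = 'c2.example.invalid']", "command-and-control"),
]
```

Running `phase_coverage(CAMPAIGN)` shows five phases with empty lists, which is the gap analysis the kill chain model is meant to drive: the campaign is only observable at delivery and command-and-control until indicators for the other phases are collected.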

Twitter Activated Vending Machines

While at a conference recently, a vendor was using a Twitter activated vending machine from Innovative Vending Solutions.

Each Twitter-activated vending machine incorporates a touch-screen interface to display the instructions to the consumer. The consumer is prompted to “tweet” a specific #hashtag to a dedicated @handle from their mobile device. Once the consumer tweets the @ and #, a product is immediately dispensed from the machine. Apparently, the machine utilizes a unique hashtag that is specific to the machine, so you have to be standing directly in front of the machine in order to utilize this functionality.