Threat intelligence sharing has been promoted as one type of offensive countermeasure that is both legal and effective. The formation of the Information Sharing and Analysis Centers (ISACs) in the US, and the establishment of the Threat Landscape Stakeholders Group within the European Agency for Network Information and Sharing (ENISA) are two examples of how defenders of the critical infrastructure are trying to use threat intelligence sharing to defend networks. Nowhere has the debate on the usefulness of this technique been more pointed than within the Financial Services ISAC, as members have had to defend their networks from almost constant distributed denial of service (DDoS) attacks for well over a year.
The volume of information is overwhelming most companies, however; thus the utility of threat intelligence sharing is limited for achieving the end goal of network defense. The FS-ISAC and the Depository Trust and Clearing Corporation (DTCC) are seeking to ameliorate that. Today they announced that their new federated platform for automated threat intelligence sharing has been launched under the new name Soltra Edge.
Based on the protocols developed by Mitre.org under contract to the U.S. Department of Homeland Security (DHS), Soltra Edge will be launched later this year by a joint venture that has been set up by the FS-ISAC and the DTCC. These protocols are known as the Structured Threat Information eXpression (STIX) [for standardizing and anonymizing threat intelligence] and the Trusted Automated eXchange of Indicator Information (TAXII) [for transporting the STIX data].