The Threat Hunter Blog
Well, after a bit of travel that slowed me down, we're ready to wrap up our introduction to STIX. We ended last time on a high-level overview of the APT1 campaign as presented by Mandiant/FireEye. That top level looked a bit like Figure 1:
Now we come to a useful application of STIX: characterizing a campaign.
We ended up last time with an introduction to the use of STIX and TAXII for threat hunting. Our last topic was STIX indicators so that's a good place to start this time.
Today I'm starting a three-parter that will introduce you to STIX, a neat way of documenting and understanding your threat hunting targets.
I enjoy following darknet.org.uk because they come up with some great proof-of-concept projects. Twittor is one of those.
About Dr. Stephenson
About Product Reviews
Starting with a goal several years ago to include more and varied products and services in our monthly Group Tests and First Looks, we established our U.S.-based testing team, which includes SC Lab staff and a network of external experts who are respected industrywide.
The diligence and commitment to excellence made by these staff and other members of our editorial team have made our Product Reviews one of the most well-read sections of our magazine and website. As a result, they remain the most objective, thorough and best in the industry.
We developed second sets of standards specifically for the groups under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Group Test reviews focus on operational characteristics and are considered at evaluation assurance level (EAL) 1 (functionally tested) or, in some cases, EAL 2 (structurally tested) in Common Criteria-speak.
Our final conclusions and ratings are subject to the judgment and interpretation of the tester and are validated by Technology Editor Peter Stephenson. All reviews are vetted for consistency, correctness and completeness by Stephenson and his team prior to being submitted for publication. All prices quoted are in American dollars.
Additionally, each December we select the past year's Innovators, those companies that have shown sustained innovation and performance and have contributed materially to the growth of our industry.
Also in December, among the Innovators, we honor a few companies with induction into the SC Magazine Hall of Fame. This is reserved for our best of the best. That is not a simple or knee-jerk kind of decision, either. There are lots of organizations - large and small - that have cool products and, in fact, there are publications that address the "cool product" issue quite well. We, on the other hand, are concerned that, no matter how cool the product is, the company will be around in one form or another for quite a while.
The recipient needs to be a demonstrated innovator. That is not a one-year proposition. That means sustained performance. The company also needs to show depth. That means that not just the product or service is innovative, the organization itself must demonstrate an innovative approach to its business and the market. Third, the winners need to be responsive to real challenges, and those challenges need to be important over time to an identifiable segment of the market.
Finally, our Hall of Famers need to demonstrate in other ways - such as winning Best Buy, Recommended and other SC Magazine designations - that they have reached the level of excellence that belongs in the Hall of Fame and have sustained that level of excellence over time.
Each month, Peter Stephenson introduces the Product Section of SC Magazine. As many of our loyal readers likely are aware, Stephenson has worked with SC Magazine in some capacity for years.
In addition to overseeing SC Magazine's reviews, Stephenson also is CISO of Norwich University. His areas of expertise include information assurance and risk, information warfare, counter-terrorism, and digital investigation and forensics. He teaches information assurance, network attack and defense, digital forensics and cyber investigation on both the graduate and undergraduate levels.
He started his 40-year career as a U.S. Navy cryptographer, then moved into the private sector where he operated his own information security consulting practice for some 20 years. Navigating the industry and his career with aplomb, he then became director of technology for the global security practice of Netigy Corporation and was, until July 2003, the director of technology and a research coordinator for QinetiQ Trusted Information Management, a large international information security professional and managed services company.
In short, Stephenson knows a thing or two about IT security.