A Collection of Information Security Community Standardization Activities and Initiatives

Cyber Threat Information Sharing

To fully realize the benefits of cyber intelligence, organizations need to share cyber threat information, and possibly defensive strategies and more, with trusted partners. By sharing threat information, defenders gain valuable insights into an attacker’s current and future attack objectives. When threat information is shared quickly between partners, "my detection becomes your prevention." In addition, the broader data set improves the defenders’ ability to predict future attacker behavior and create more dynamic defenses.

By understanding adversaries’ behavior against a range of targets over a period of time, defenders can identify a set of indicators and a robust set of adversary tactics, techniques, and procedures (TTPs).

Current cyber threat information sharing, however, is often either a time-consuming, manual process or a limited-scope automation effort tied to a particular cyber threat information sharing community or technology.

The Trusted Automated eXchange of Indicator Information (TAXII) effort, a community-driven framework to facilitate cyber threat information sharing, fills this void. TAXII defines a framework of concepts, protocols, and message exchanges for sharing cyber threat information, so that organizations can share the information they choose with the partners they choose.

TAXII is also the preferred method of exchanging information represented using the Structured Threat Information Expression (STIX™) language, enabling organizations to share structured cyber threat information in a secure and automated manner.