The FedGov Feed: Made Possible by STIX and TAXII

Posted on Jan 15, 2018

Robust cybersecurity is critical to most businesses, but few organizations know the importance of secure network defense better than the Department of Homeland Security (DHS). Because DHS is responsible for protecting the U.S., a staunch defense of its networks and effective threat intelligence sharing are critical.

Cyber Threat Intelligence | The FedGov Feed

Sharing of Cyber Threat Intelligence (CTI) is vital for defense against attacks on U.S. infrastructure. DHS is charged with sharing threat intel with federal agencies and the private sector. The FedGov feed, which is specifically for sharing CTI between federal agencies, is one of the most important data collections to meet the need for fast, actionable, and secure threat intel.

Since cyber threat intelligence in the FedGov feed comes from many sources, it would be natural to assume that incoming threat intel would be unmanageable. With many data formats, analysts would spend a significant amount of time "translating" incoming CTI at the expense of responding to cyber threats. The FedGov feed, however, uses the STIX, TAXII, and CybOX standards. Because all cyber threat intelligence is normalized in STIX and shared via TAXII, it can be easily exchanged and understood by all parties.

STIX (Structured Threat Information eXpression) represents cyber threat intelligence in the form of CybOX, and STIX/TAXII-based platforms transfer CybOX across the FedGov feed via TAXII (Trusted Automated eXchange of Indicator Information). Using the eight STIX constructs, instead of just indicators and observables, enables more effective use and management of CTI, including courses of action to move from reactive to proactive. TAXII isn't a sharing program, and it does not embody a set of trust agreements, but it does standardize the method of transferring cyber threat intelligence.

Using Soltra Edge®, a platform that fully supports the STIX and TAXII standards, to send and receive the FedGov feed can exponentially improve cybersecurity: it makes sharing actionable cyber threat intelligence fast.

With cyberattacks increasing in sophistication, speed, and severity for DHS and other federal agencies, analysts don't have time to wade through volumes of disparate CTI data. Thanks to STIX and TAXII, they don't have to. STIX and TAXII facilitate automated cyber threat intelligence sharing and enable analysts to take action on relevant threats with precision. STIX/TAXII-compliant software empowers DHS analysts to spend less time on busywork and more time countering threats to critical infrastructure.

Secure sharing of threat intel in a common language is the foundation of cybersecurity. NC4 is excited to support the FedGov feed, which, through the implementation of STIX/TAXII, gives DHS another tool to maximize resources and keep the United States safe.

If you want to experience revolutionary, industry-driven, fully STIX/TAXII-compliant software, Soltra Edge is your best choice. It was the first and is the best to work with FedGov. Don't believe us? Check it out for yourself, here.

 
