webinar register page

Webinar banner
IOB: Tracking adversary behaviors closes gaps in cyber threat intelligence sharing
There is a significant gap in CTI sharing when that sharing is solely focused on IOCs. IOCs by their very nature have a limited time window of being actionable towards network defense. While significant progress has been made in responding to IOCs through automation, there remains a clear need for sharing data that can help a community of network defenders proactively defend against advanced attacks. This need led to the founding of our effort to define Indicators of Behavior (IOBs).

IOBs are dynamic digital impressions and identifiers that monitor the interaction of foreign bodies with host systems or networks. From a threat detection and awareness perspective, IOBs help add context. They also help you understand the behavior of potential cyber attackers.

The goal of our IOB effort at OCA is to create a standard way to represent cyber adversary behaviors to make it easier to:
~~share repeatable sets of observed adversary behaviors spanning multiple campaigns,
~~share the analytics to detect those behaviors, and
~~create and share playbooks to correlate those detections.

We’ve seen that an effective defense couldn’t happen without leveraging the power of community, but it also couldn’t happen without a common language to share information. The STIX and TAXII standards help to provide the key to achieving our OCA-IOB results.

During this panel, our guest speakers will share information on the work being done at OCA-IOB that allows actionable threat intelligence to be shared across multiple communities at machine speed and how that intelligence can translate directly into detections and correlations that are both repeatable and have lower false positive rates. They’ll review how past experiences with CTI sharing impacted this work, what’s behind the motivation to represent adversary behavior, and provide access to several reference implementations and analysis capabilities, and finally, how and why you should be involved in the next evolution of OCA-IOB.

Mar 1, 2023 11:00 AM in Eastern Time (US and Canada)

Webinar is over, you cannot register now. If you have any questions, please contact Webinar host: .