To deliver effective information sharing and threat intelligence, the security industry must settle on a single set of threat-sharing standards, says David Duncan of the Internet security firm Webroot.
While many organizations favor two standards - STIX (structured threat information expression), a standardized language that represents structured threat information, and TAXII (trusted automated exchange of indicator information), the transport mechanism to share cyberthreat information between computers - he says multiple options remain under consideration.
In an interview at the RSA Conference 2015, Duncan also discusses:
- Trends at the RSA Conference 2015, including threat intelligence, next-generation security and the Internet of Things;
- The challenge faced by disparate vendors as they attempt to create "a holistic threat-sharing model"; and
- Malicious IP trends: How frequently known-bad IP addresses disappear, and new ones take their place.
Duncan is chief marketing officer of Webroot. Previously, he served as managing director of storage and data security firm Imation, and president and managing director of encryption and digital rights management firm EncryptX, which he co-founded, and which was acquired by Imation. He's also served as an intelligence collection specialist, cryptologist and information security manager for the U.S. Air Force and the National Security Agency.