Time
4 hours 12 minutes
Difficulty
Advanced
CEU/CPE
5

Video Transcription

00:05
Now let's move to the third type of standards, which is transport standards and protocols. We will start with the first standard, which is TLP.
00:15
TLP stands for Traffic Light Protocol, and it is a simple protocol used to label sensitive information to ensure that only the correct audience is given access to it.
00:27
Shared information is tagged with one of the four colors: red, amber, green or white. Red means that it is only to be used by you and not to be spread to other people, even within your own organisation. Amber means that this information
00:46
is to be used
00:48
and shared with your coworkers within your organization,
00:52
on a need-to-know basis, and with your clients or customers who need to know this information to protect themselves and prevent further damage. Green means that this information is not very sensitive and can be shared with your partners or peers, but not via publicly accessible channels,
01:11
for example,
01:12
websites. And white means that this information is public and can be shared freely, taking into account standard copyright rules.
01:23
The second standard from the same category is TAXII.
01:26
TAXII stands for Trusted Automated Exchange of Indicator Information. The first draft was proposed in 2012 and the current version is 2.0.
01:40
TAXII was also introduced by MITRE and is now maintained by OASIS.
01:47
TAXII is an application protocol for exchanging threat intelligence over HTTPS. It defines a RESTful API and a set of requirements for TAXII clients and servers. TAXII was specifically designed to support exchange of threat intelligence represented in STIX format,
02:06
and support for exchanging
02:07
STIX 2.0 content is mandatory to implement. TAXII design principles include minimizing operational changes needed for production,
02:19
easy integration with existing sharing agreements, and support for all widely used threat sharing models, including hub and spoke,
02:29
peer to peer
02:30
and source/subscriber.
02:32
We've seen previously two examples of threat feed aggregators, Limo and Hail a TAXII. These are also called free TAXII servers. In this slide, we took the example of Limo, which is compatible with TAXII 2 and STIX 2. You can directly enable it through
02:51
implementing a STAXX machine in your environment or use it over a TAXII client.
02:58
The list of standards that we've learned in this video doesn't include all the standards available on the market.
03:04
There are others that were not mentioned here. My choice was based on my experience, and in my opinion the MITRE pile, including CybOX, STIX and TAXII, is widely supported by several free and paid security products. So let me ask you this question: can you survive without these standards?
03:24
My answer is: of course you can,
03:28
and applying these standards is a nice-to-have. But you can survive with just storing your intelligence in flat files and sharing it by email or any other means.
03:38
However, if you are thinking about long-term usage of indicators, then using these standards will make your life easier, especially for indexing, acquiring and sharing. I hope you enjoy this lesson, and in the next video we'll see together an important part of the data processing phase, which is
03:59
integration and storage.


Instructed By

Alyssa Berriche
Instructor