'Security Intelligence' was a strong theme at RSAC 2014. This covered a wide gamut of activities, including the collection of data; analysis of collected data leading to actionable intelligence products, covering indicators that can be used for detection; and knowledge that can be used to enrich analysis post-detection, preferably with predictive value too. These cycles of the intelligence development process seemed to cover a large portion of the sessions, the vendor messaging on the show floor, and the conversations that extended to the blogosphere, most notably here.
We made our own contribution to intelligence sharing at the RSA conference this year. We published a new Threat Advisory analyzing a new campaign called STTEAM targeting the Oil and Gas industry in the Middle East. We became aware of this threat when a specific organization was attacked and our investigation revealed a number of other targets across the region. This led us to publish the paper with indicators that security analysts can use to determine whether their environments show signs of a compromise, and that security researchers can use to correlate our findings with their own investigations into similar campaigns, potentially by the same threat actors.
We've also announced our partnership with ThreatConnect, a platform that allows for collaboration between security researchers through sharing of threat intelligence. Users can now directly import indicators that have been shared through ThreatConnect.
Additionally, we continue to invest in our integration of YARA, the fast-emerging standard for describing and classifying malware. While this provides our customers with another way of detecting and acting upon malicious activity in real time, it also enables them to share information about malware with others in the community, whether or not they use Fidelis XPS.
The conversations at RSAC 2014 helped confirm that while many of us in the research community continue to develop and distribute our own threat intelligence, more has to be done to allow enterprises to leverage the broader pool of intelligence that exists across industry and government. We look forward to participating in the realization of that goal.