NC4®, the leading company providing cyber and physical threat sharing is announcing a new program called the Cyber Defense Network for the Financial Services Industry (CDN/FS). The new program will include STIX/TAXII -based community cyber threat intelligence sharing among members coupled with defensive action capabilities that individual member companies can use. CDN will support several critical infrastructure industries but will begin with financial services. Members of the FS-ISAC will be eligible to participate in CDN/FS.
According to NC4 founder Aubrey Chernick, “Given the increasing threats to the financial services industry, it’s imperative to improve the cyber defense for the industry at large as well as for individual members. CDN/FS will begin with initial defensive measures that will grow over time.”
The cyber threat intelligence side of CDN/FS is a cloud-based solution that takes advantage of STIX/TAXII -based standards. Cyber threat intelligence professionals of member organizations will be able to create anonymous threat indicators to share with other members and will leverage both the NC4 Mission Center™ cyber threat sharing tools and Soltra Edge® tools. NC4 purchased Soltra Edge from FS-ISAC and DTCC in late 2016. Creation of cyber threat indicators will be facilitated by extraction technology for both threaded discussions and emails. Members will also receive threat indicators from the DHS/AIS program. In addition, members will be able to rate and comment on threat indicators and see trending threat indicators through a CDN Dashboard.
In order to makes decisions on what to action, CDN/FS will initially provide a manual based mechanism for authorized threat intelligence or operations users such as Security Operations Center (SOC) or Network Operations Center (NOC) staff. Later, CDN/FS implementations will include a rules engine mechanism that will enable both automated actions and “human-on-the-loop” actions. These measures are intended to increase the effectiveness, efficiency and timeliness of cyber threat response and are inspired by the Integrated Adaptive Cyber Defense (IACD) initiative lead by Johns Hopkins University and the NSA. There will be an audit and log mechanism for action taken manually or through a rules engine.
Action implementations will initially focus on blocking access to malicious sites and documents. According to the 2017 Verizon Data Breach Investigations Report (DBIR), phishing and spearfishing attack vectors are increasing. Implementation of these blocking activities will be through companies that support STIX/TAXII typically in the next generation firewalls – beginning with Cisco/FMC.
Bill Nelson, President and CEO of the FS-ISAC noted, “FS-ISAC supports our affiliate partners in their efforts and goals to improve the effectiveness of community cyber threat sharing while also enabling proactive defense. NC4’s new initiative – Cyber Defense Network for Financial Services – is aligned with the overall sector objectives to improve how intelligence is shared and acted upon.”
The initial phase of CDN/FS is intended to start later in 2017. For more information, please visit www.nc4.com/pages/CDN.aspx.
Stop by the NC4 booth/charging station at the FS-ISAC fall summit to hear more information about the Cyber Defense Network. Also check out our presentation “Four Years on the Edge” on Wednesday at 11:30am in the Governance Track to hear a discussion on machine-to-machine security technologies using existing standards.