NZITF deploys EclecticIQ to share cyber threat information
- 10 November, 2016 14:32
The New Zealand Internet Task Force (NZITF) has opted for EclecticIQ’s threat intelligence platform to share information about malware and other online threats among its members and with New Zealand's wider cyber security community.
Task force members will have access to the EclecticIQ platform through an online portal. According to EclecticIQ its platform “automatically collects intelligence from diverse sources; enables collaborative internal workflows; integrates with enterprise security technologies; and supports secure exchanges with external information-sharing communities.”
NZITF chair, Barry Brailey, said information sharing was an important part of working to combat cyber threats, and a tactical imperative as the number of global security incidents continued to rise.
"The EclecticIQ platform provides a central hub for us to gather, digest, normalise and de-duplicate intelligence from our member base,” he said.
“We can streamline and funnel information coming from many different places into a single view, giving us instant access to information that we've previously only ever shared via email and face to face."
He described the task force’s decision to use EclecticIQ as “a step along the road towards more automated data sharing for the task force which, ultimately, is a good thing for New Zealand's overall security posture.”
EclecticiQ says the platform “consolidates cyber threat intelligence from multiple sources to foster in-depth analysis and enables easier information sharing with trusted partners.”
It uses STIX and TAXII, which are OASIS open-source standards enabling automation of threat intelligence and incident response workflows.
STIX (Structured Threat Information eXpression) is a standardised language to represent structured information about cyber threats. It has been developed so it can be shared, stored and otherwise used in a consistent manner that facilitates automation and human assisted analysis, according to EclecticIQ.
TAXII (Trusted Automated eXchange of Indicator Information) is a collection of services and message exchanges to enable the sharing of information about cyber threats across product, service and organisational boundaries. It is a transport vehicle for STIX and a key enabler of widespread threat information exchange.
Deployment and support of the EclecticIQ platform is being performed by EclecticIQ's New Zealand representative, Cosive, a specialist in incident response and threat intelligence.
A presentation on how NZITF plans to make use of EclecticIQ's Threat Intelligence Platform will be given at the NZITF conference in mid-November.