Cybersecurity buzzwords, lingo, and Perch Slack secrets
TIP: Threat Intelligence Platform – The product on which ISACs and ISAOs typically build and store their threat intel; Perch pulls the threat information stored in these and uses it for detection. [e.g. Soltra, Anomali’s ThreatStream, ThreatConnect]
ISAC/ISAO: Information Sharing and Analysis Centers/Organizations. Industry- or sector-based groups that provide guidance and support to their members, including a shared threat intel repository. (That repository is built on a TIP.)
Alerts vs. Events: ‘Alert’ has two meanings. To our customers, an alert and an event are the same thing: users call them alerts, while we call them events, because that is what they are in the code. Internally, an event (what users call an alert) is composed of alerts, which are the raw ‘alert’ records produced by our sensors. When we show these events to our users we call them alerts, because it would be odd to say that alerts are made of alerts.
SIEM: Security Information and Event Management – Software (typically sold with hardware) that centrally collects, stores, and analyzes logs from the perimeter to the end user. It monitors for security threats in real time for quick attack detection, containment, and response, with holistic security reporting and compliance management. When an attack occurs on a network with a SIEM, the software provides insight into all the IT components involved (gateways, servers, firewalls, etc.). Prior to Perch, the SIEM was the piece required to connect a network to a TIP. Perch works alongside a SIEM, or on a network without one.
IDS: Intrusion Detection System (Perch is an IDS with the added feature of bi-directional communication with your threat intelligence provider).
Observables: Individual, atomic pieces of threat information, such as a URL or a file hash.
IOC: Indicator of Compromise – a collection of observables that, taken together, strongly indicate a breach.
SEI: Software Engineering Institute – a federally funded research center at Carnegie Mellon University that works closely with DHS on infosec.
CERT Division (a division of SEI; not the same thing as US-CERT, which is DHS’s operational team, though the two work closely together): “We study and solve problems with widespread cybersecurity implications, research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to help improve cybersecurity.”
MSSP: Managed Security Service Provider – An MSSP would be interested in Perch to resell to their customers and most likely manage the alerts in lieu of our SOC.
STIX/TAXII: Structured Threat Information eXpression – a structured language for describing cyber threat information (including observables) so it can be shared, stored, and analyzed in a consistent manner. TAXII (Trusted Automated eXchange of Intelligence Information) is the application-layer protocol for exchanging threat intelligence represented in STIX format. Specs: https://oasis-open.github.io/cti-documentation/
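To make the Observables, IOC and STIX entries above concrete, here is an added example (not part of the original glossary and not Perch’s own code). It parses a constructed STIX 2.1 bundle containing one indicator, pulls the observables (a URL and a SHA-256 file hash) out of the indicator’s pattern, and matches a few constructed raw sensor alert records against them, which is the raw material of an IOC hit. Every identifier, the URL, the hash and the alert records are made up; the pattern parser handles only the simple equality comparisons shown, not the full STIX patterning grammar, and the TAXII transport that would deliver the bundle is not shown.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample: a STIX 2.1 bundle carrying one indicator. The ids, URL
# and hash are made up for illustration; this is not real threat intel.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--3f0c1d2e-1111-4aaa-9bbb-000000000001",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8e2b5c6d-2222-4ccc-8ddd-000000000002",
            "created": "2020-01-01T00:00:00.000Z",
            "modified": "2020-01-01T00:00:00.000Z",
            "name": "Example downloader (constructed)",
            "pattern_type": "stix",
            "pattern": (
                "[url:value = 'http://malware.example/dl.php'] OR "
                "[file:hashes.'SHA-256' = "
                "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']"
            ),
            "valid_from": "2020-01-01T00:00:00Z",
        }
    ],
})

# Constructed raw sensor 'alert' records, the kind an event is composed of.
CONSTRUCTED_ALERTS = [
    {"sensor": "sensor-1", "url": "http://malware.example/dl.php"},
    {"sensor": "sensor-1",
     "sha256": "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"},
    {"sensor": "sensor-2", "url": "http://benign.example/index.html"},
]

# One comparison expression of a STIX pattern: [object_type:property = 'value'].
# Only this equality form is handled; real STIX patterns also allow other
# operators, MATCHES/LIKE, and temporal qualifiers that this toy parser skips.
_COMPARISON = re.compile(
    r"\[\s*([a-z0-9_-]+):([^\s=]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]"
)


def extract_observables(bundle_json: str) -> List[Tuple[str, str, str]]:
    """Return (object_type, property_path, value) triples for every equality
    comparison in every indicator pattern of a STIX 2.1 bundle."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    triples: List[Tuple[str, str, str]] = []
    for obj in bundle.get("objects", []):
        # STIX ids are '<type>--<uuid>'; a mismatch means a malformed object.
        if not obj.get("id", "").startswith(obj.get("type", "") + "--"):
            raise ValueError(f"id/type mismatch in object {obj.get('id')!r}")
        if obj["type"] != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for m in _COMPARISON.finditer(obj["pattern"]):
            triples.append((m.group(1), m.group(2), m.group(3)))
    return triples


def match_alerts(bundle_json: str, alerts: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the raw sensor alert records whose URL or SHA-256 matches an
    observable from the bundle: the raw material for an IOC hit."""
    wanted = set()
    for obj_type, path, value in extract_observables(bundle_json):
        if (obj_type, path) == ("url", "value"):
            wanted.add(("url", value))
        elif (obj_type, path) == ("file", "hashes.'SHA-256'"):
            wanted.add(("sha256", value.lower()))  # hex digests compare case-insensitively
    hits = []
    for alert in alerts:
        url_hit = ("url", alert.get("url")) in wanted
        sha_hit = ("sha256", alert.get("sha256", "").lower()) in wanted
        if url_hit or sha_hit:
            hits.append(alert)
    return hits


if __name__ == "__main__":
    for t in extract_observables(SAMPLE_BUNDLE):
        print("observable:", t)
    for a in match_alerts(SAMPLE_BUNDLE, CONSTRUCTED_ALERTS):
        print("IOC hit from", a["sensor"], a)
```

The id/type check matters in practice: a feed object whose id prefix disagrees with its type is malformed and should be rejected rather than silently trusted, and hashes are normalised to lower case because sensors and feeds are inconsistent about digest casing.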
Log Management: The ability to retain logs for the periods required by compliance regimes (PCI and HIPAA) and to provide tools for running reports on that data.
**Slack:** When you’re invited to Slack you’ll be able to reach out to anyone who works for Perch, as well as other clients.
GIFs: /giphy followed by a keyword search (e.g. /giphy Friday).
Commands: trigger a Perch-approved message to the group by sending one of these phrases (plain text!): Moe’s, Moes, Skyline Chili, Skyline, push it!, Pants, Busey, good news, holy moly, I love it, pair programming, Trolled, Magic!, Sexy, Giggs rap, giggs, rapper, rap, that sucks, you ready, doc-ument, Stiggs, street price, please make a ticket, Texan, stabby.
**Warm Welcome:** We encourage a ‘Hello to the gang!’ You’ll immediately get a response from one of the many characters inside our clubhouse, aka Squawkbox.
**Skyline:** Don’t ask us why, but our CEO is slightly obsessed with their products. You’ll hear about it more times than you can count, and if you’re lucky you might even receive a taste, sponsored by Perch.