Anomali Debuts Free Tool for STIX/TAXII Threat Intelligence Feeds

Anomali's new STAXX cyber-threat intelligence offering aims to help fill the void left by the shutdown of the Soltra Edge software effort.

Security firm Anomali announced on Nov. 21 the debut of its new free STAXX tool to receive threat intelligence feeds.

In the world of threat feeds, STIX (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Indicator Information) are two core technologies that provide a standardized way for analysts to gain access to intelligence.

One of the primary ways that organizations have been able to consume STIX and TAXII is with the freely available Soltra Edge software that was being developed as a joint effort of the Financial Services Information Sharing and Analysis Center (FS-ISAC) together with the Depository Trust and Clearing Corporation (DTCC). But the Soltra Edge effort is now being shut down.

The Anomali STAXX offering was built in direct response to the Soltra shutdown to help enable organizations to continue to easily benefit from STIX and TAXII.

"STAXX is an amalgamation and a hat-tip to STIX/TAXII, the most widely used language, services and message exchange protocol for describing cyber threat information," Hugh Njemanze, CEO of Anomali, told eWEEK. "We are fully committed to supporting, and enhancing STIX/TAXII further as a founding member of the OASIS Cyber Threat Intelligence committee, the organization maintaining the STIX/TAXII standards."

Anomali is a security company that was originally known as ThreatStream and re-branded as Anomali in February. The company has raised $56 million in venture funding to date, including a $30 million Series C on April 21.

Anomali's products include platforms that help organizations to match customer log data against threat intelligence to fully identify potential indicators of compromise (IOCs). The STAXX offering is a new effort and isn't based on any existing Anomali product.

"STAXX is an Anomali-authored, purpose-built product, and is neither an open-source project re-bundled as an Anomali package, nor is it a stripped down ThreatStream engine," Njemanze said. "We released STAXX to provide an alternative for Soltra’s customers to help them access cyber threat intel from any STIX/TAXII server."

Njemanze added that there are no restrictions built into STAXX and organizations can configure as many feeds as they like. Anomali's goal is for STAXX to become the easiest, most efficient way to discover, access and manage threat intelligence feeds. Njemanze said that making STAXX free allows as many users and organizations as possible to gain access to valuable threat intelligence information.

From a deployment and installation perspective, Njemanze emphasized that just like Soltra, STAXX is offered completely free. Users just need to register at, accept the license terms, and then download and install the STAXX software.

From there, Anomali presents an intuitive wizard to configure STIX/TAXII feeds and begin accessing threat intelligence. STAXX can be deployed as a virtual appliance on a VMware or VirtualBox instance.

STAXX also has a Linux installer for organizations that want to deploy it on a native Linux instance. Currently STAXX is not available as a container, though Njemanze noted that Anomali could create a Docker container for STAXX as soon as there is enough demand.

In the first few days of availability for STAXX, Njemanze said that there has already been interest, with Anomali's website traffic doubling over normal levels.

"We have seen hundreds of registrations and that appears to be accelerating as word gets out," Njemanze said. So far, the overall feedback to STAXX from users has been positive, with users reporting that the entire process of installation and configuration is simple and intuitive, Njemanze added.

Looking forward, Njemanze said that Anomali is already hard at work on the next STAXX release, which will provide out-of-the-box access to a number of pre-configured threat intelligence sources. Additionally, Anomali plans to integrate features of its ThreatStream portal and Anomali Reports solution with STAXX.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.