Utopia Utopia Intelligence Collection Engines Active ... · Customer Public Facing Information...

Date post: 12-Jul-2020
Transcript, page 1

[Architecture diagram; only its text labels survived extraction. Panels: Customer Public Facing Information Collection, Targeting Analysis & Modeling; Adversary Information Collection, Analysis & Modeling; Open Source Intelligence Collection; Automated Threat Intelligence Impact Analysis, Forensics Evidence Capture, and Operational Mitigation; Intelligence Collection Engines, Active Threat Detection & Mitigation; Customer Premise Managed NetFlow Collection & Aggregation.]

Utopia core components (shown in both the collection and the mitigation panels): Workflow Engine; IOC Database; Case Files; Malware Artifacts; Packet Captures; Attacker DB; Target DB; Data Transformation (Data Capture, Data Normalization, Data Insertion/Updates); Forensics Images (Disk & Memory); Malware Analysis; Malware Packaging; Utopia Process Logs; Utopia DRP DB holding STIX packages; Secure Data Transfer of STIX packages to and from Information Sharing Partners.

Intelligence Collection Engines (ICEs), each with an ICE DRI that emits STIX packages, cover adversary information, customer information and open source intelligence (DNS info, Shadow Server, subscription services); an obfuscation layer sits between each ICE group and its sources. Raw data from the ICEs reaches the Utopia DRP DB over Secure Data Transfer.

Integrated technologies, each reached through a vendor SDK/API, a vendor-specific DRI and STIX packages: OmniEngines network taps and NetWitness network taps (packets & metadata); ArcSight event sources (events & metadata); Mandiant MIR with MIR agents (IOCs & result metadata); Check Point firewalls; IronPort mail servers; F5 BIG-IP between Internet and intranet; Infoblox DNS servers. The edges to these devices are labelled Services, Policy & Objects, Policies & Logs and Policies.

NetFlow: Distributed NetFlow sources on the customer premise feed a NetFlow Collector, a NetFlow DRI, NetFlow Provisioning and a NetFlow Manager.

Vendors shown are for illustrative purposes only. All major technologies that provide mature API/REST interfaces will be integrated via standard DRP/DRI interfaces. Threat intelligence queries and action decisions will also be transformed into vendor-specific formatted configuration files for manual processing (e.g. Cisco ACLs, Check Point dbedit, McAfee CSV, etc.).

Policy enforcement technologies, each reached through a vendor SDK/API, a vendor-specific DRI and STIX packages: Fidelis policies; Cisco policies; McAfee policies.

These are for illustrative purposes only. The key concept is to take all threat intelligence and enrich it through open source and subscription based services.

DRI = Device Request Interface; DRP = Device Request Package.

The core concept is to normalize a set of actions and responses through DRPs, carried as CTI STIX packages, and to transform them through DRIs into actions that are relevant for a given technology. DRIs are ideally based on RESTful interfaces but can extend to any API exposed by a given vendor.
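As an added illustration of the DRP/DRI concept described in the note above (example code, not from the Utopia design or from Integrated Networking Technologies): one normalized block action is built from a STIX-style indicator pattern, gated by a sanity check, and then rendered by two hypothetical DRIs, one producing Cisco extended ACL lines and one producing a CSV file for manual processing. The DRP field names, the use of a STIX 2 pattern string in place of a full STIX package, and the CSV column layout are all assumptions.

```python
import ipaddress, re
from dataclasses import dataclass
# Hypothetical minimal DRP: one normalized action derived from a CTI indicator.
# Field names are assumptions, not the Utopia schema.
@dataclass
class DRP:
    action: str          # normalized action, e.g. "block"
    indicator_type: str  # e.g. "ipv4-addr"
    value: str
    source: str          # package or feed the indicator came from
# STIX 2 style pattern for one IPv4 indicator (a simplification of a STIX package).
STIX_IPV4 = re.compile(r"\[ipv4-addr:value\s*=\s*'([^']+)'\]")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def drp_from_stix_pattern(pattern, source, action="block"):
    """Normalize an ipv4-addr indicator pattern into a vendor-neutral DRP."""
    m = STIX_IPV4.fullmatch(pattern.strip())
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    return DRP(action, "ipv4-addr", m.group(1), source)

def check_drp(drp):
    """Gate a DRP before any DRI renders it, so a bad feed entry cannot block internal space."""
    try:
        ip = ipaddress.IPv4Address(drp.value)
    except ValueError:
        return "not a valid IPv4 address"
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified
            or any(ip in net for net in RFC1918)):
        return "internal or reserved address"
    return None  # approved

def cisco_acl_dri(drps, acl_number=101):
    """DRI: render approved block actions as Cisco extended ACL lines."""
    lines = []
    for d in drps:
        if d.action == "block" and check_drp(d) is None:
            lines.append(f"access-list {acl_number} remark {d.source}")
            lines.append(f"access-list {acl_number} deny ip host {d.value} any")
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

def csv_dri(drps):
    """DRI: one CSV row per DRP, with its status, for manual processing (columns assumed)."""
    rows = ["action,type,value,source,status"]
    for d in drps:
        rows.append(",".join([d.action, d.indicator_type, d.value, d.source, check_drp(d) or "approved"]))
    return "\n".join(rows) + "\n"
# Constructed sample input: two indicators from a hypothetical partner package.
SAMPLE = [drp_from_stix_pattern("[ipv4-addr:value = '203.0.113.5']", "partner-pkg-1"),
          drp_from_stix_pattern("[ipv4-addr:value = '10.0.0.7']", "partner-pkg-1")]
```

The rejected private address still appears in the CSV with its reason, so an analyst doing manual processing sees why it was not turned into a rule.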

Data Transform: STIX Profiles

© 2008-2015 Integrated Networking Technologies, Inc. All rights reserved
