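CrowdStrike and Microsoft have announced a joint effort to bring clarity and alignment across security vendors in how cyber threat actors are identified and tracked. By mapping threat actor names across platforms and aligning adversary attribution, the effort aims to minimize the confusion caused by the use of different naming schemes and to accelerate cyber defenders' response to the most sophisticated attacks, now and in the future.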
The cybersecurity industry has developed a variety of naming schemes to identify threat actors, each based on their own perspective, intelligence sources and analytical rigor. These classification schemes provide important context about attackers to help organizations understand what threats they face and who is launching attacks and why. However, as the attacker landscape expands, threat attribution classification methods have become more varied and complex across vendors. Through this close collaboration, CrowdStrike and Microsoft have developed a common mapping system that can be called a “Rosetta Stone” of cyber threat intelligence, allowing attacker identifiers to be linked across vendor ecosystems without mandating a single naming standard.
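Such mapping reduces ambiguity around adversary names, so defenders can make faster, more confident decisions, correlate threat intelligence across multiple sources, and effectively disrupt threat actors before they cause real damage. Because the mapping makes it easy to link differing designations such as COZY BEAR and MIDNIGHT BLIZZARD, it speeds decision-making and unifies the response to threats across different classification schemes.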
“We are excited to be working with Defense Department and Defense Policy Providers to bring these threats to our attention,” said Adam Meyers, Head of Counter Adversary Operations.
“This is an inflection moment for cybersecurity. Attackers have used technology to hide their true identities, but inconsistent naming confusion has made it harder to identify them. Defenders need to get ahead of attackers and give security teams a clear understanding of who is behind attacks and how to respond. This has been our mission at CrowdStrike since the beginning. CrowdStrike is the leader in attacker intelligence, and Microsoft provides one of the most valuable sources of data on attacker behavior. By joining together, we can bring these strengths to bring clarity, speed and confidence to defenders everywhere.”
The joint effort will initially be led by analysts from both companies to standardize threat actor naming between CrowdStrike and Microsoft threat research teams. Through this effort, the two companies have already resolved over 80 naming conflicts for threat actors, confirming, for example, that Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA are both Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russian-origin threat actor. This demonstrates that the shared attribution information is operationally valid. Going forward, CrowdStrike and Microsoft will work together to expand this effort and invite other partners to participate, with the goal of providing and maintaining a shared threat actor mapping resource for the global cybersecurity community.
The joint effort builds on each company’s long-standing threat intelligence leadership and is driven by a shared philosophy of putting the customer first and the mission over markets, to deliver better outcomes for defenders.
Source: PR TIMES


