Cyber Intelligence Gets Even Smarter with CRITs

July 2014
Topics: Cybersecurity, Computer Security, Information Security Risk Management, Software (General), Open Source Software
MITRE's powerful intelligence tool gives cyber defenders a platform for instantly sharing detailed information on threats. Its release to the open source community marks an important step in the shift to active defense.

Faced with sophisticated and relentless cyber adversaries, organizations must constantly improve their defensive capabilities. They may hire crack teams of computer network defenders, but even these elite experts may not be able to secure the organization's cyber boundaries without equally elite tools.

What they need is a platform for storing highly detailed technical information on every individual threat. They also need to perform sophisticated analyses on this data to generate actionable intelligence. And they need to be able to share this intel among defense team members in time to prevent the next cyber attack before it occurs—rather than reacting after the fact.

Like other organizations, MITRE too faces the challenge of improving corporate cybersecurity. We recognized the critical need for a tool that would meet the criteria above—and we developed it. That tool is CRITs—Collaborative Research Into Threats—and it's proven so effective internally that MITRE recently released it into the open source community. Now every cyber defense team can access these powerful defensive capabilities. As of June 1, anyone can download CRITs at no charge on GitHub, a collaborative platform where programmers co-develop and share code.

"Releasing CRITs as open source marks an important step in making the shift to an active, threat-based defense and facilitating threat sharing across sectors—public and private," says Gary Gagnon, senior vice president and chief security officer of MITRE. "As an operator of federal R&D centers, MITRE—along with our government sponsors—would like to see this approach become industry practice."

Creating a Cohesive Picture of a Cyber Threat

CRITs is a threat-intelligence platform that facilitates the aggregation, analysis, and sharing of deep technical levels of cyber threat information. It manages huge amounts of data gathered from single, often disparate, cyber attacks, and performs analyses to uncover patterns in an adversary's targets, tools, and techniques. CRITs assembles these seemingly disconnected puzzle pieces into a cohesive picture of a cyber threat. Using a common vocabulary, CRITs immediately shares this "picture" with cyber defenders to help them prevent future breaches.

The CRITs platform can support many different kinds of users, from malware analysts to experts in reverse engineering. The depth and diversity of information shared among these multiple specialists can help continuously open up new ways to use the tool.

Four Years in the Making

CRITs grew out of innovative work from MITRE's InfoSec group, which ensures the security of the corporation's unclassified systems and information. In 2010, InfoSec experts began exploring new approaches for better protecting the corporation's own information technology network. At that point, defenders relied on a simple malware database for gathering threat intelligence.

But as the project grew, the team realized it needed to expand the database to include more information and incorporate analytic capabilities. As different parts of MITRE began using the approach, more ideas filtered in from across the company. Everyone from intelligence analysts and incident responders to systems engineers and software engineers added more advances and more capabilities.

Next, the project team redesigned the interface to make it even easier to access the large amounts of data they were accumulating. Now analysts could find the threat information they needed in just a click or two—rather than spending hours chasing down each individual intrusion attempt. Soon, CRITs was so successful internally that MITRE wanted to share it with our government sponsors.

"CRITs is a great example of operational innovation at MITRE," says Marnie Salisbury, MITRE's director of cyber strategy implementation. "We built a tool that's very helpful and very necessary to our own organization. When we realized it might be helpful to others, we were quick to talk to our government partners about it and help them start using it too."

User Numbers Are Climbing

In 2011, MITRE provided a CRITs operational prototype to the Boston-based Advanced Cyber Security Center (ACSC), a non-profit consortium of 27 industry, university, and government organizations, established to address the most advanced cyber threats.

Since then, CRITs has allowed ACSC members to instantly share detailed technical information, look for attack patterns, and ultimately thwart future compromises.

Realizing that the need extended beyond our customers and we had to help protect critical infrastructure, MITRE had already licensed CRITs to more than 100 organizations worldwide prior to the open source launch on June 1. The current license holders and users of CRITS now have the option of transitioning to the open source version or retaining their current version.

Since CRITs became available to the open source community, active members of GitHub have created 19 forks of the project. That represents 19 people or teams working on new features or other enhancements to the code base and documentation. "Source code contributions and active members are the lifeblood of an open-source project, so this is exciting," says CRITs project manager Mike Goffin.

To support continued growth in the CRITs community, MITRE and Confer, a Boston-based IT company, announced on June 18 that Confer will provide support and integration services for CRITs users and will operate on-premise and cloud-based instances of CRITs for companies using it as a service.

—by Twig Mowatt


Publication Search