DISA seeks CTI aggregation tool

On July 15, the Defense Information Systems Agency (DISA) posted an updated request for information (RFI) for cyber threat intelligence (CTI) aggregation. Responses are due by 11:59 p.m. Central on July 25.

Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN)/J4 is seeking information from industry to assist with the development and planning of a potential new requirement.

The primary role of joint intelligence is to provide information and assessments to facilitate mission accomplishment. This role is supported by a series of specific responsibilities to guide the intelligence directorate of JFHQ-DODIN and supporting organizations. These include the following: inform the commander; describe the operational environment (OE); identify, define, and nominate objectives; support planning and execution of operations; counter adversary deception and surprise; support friendly deception efforts; and assess the effectiveness of operations.

JFHQ-DODIN is seeking information from industry regarding CTI aggregation enterprise (cloud-based) capability that can ingest multiple third-party CTI feeds and external threat data. JFHQ-DODIN reviews and analyzes classified and open-source threat intelligence to identify attack indicators, mitigate identified threats, establish threat data feeds, and share advisories with DODIN customers and other federal specialists.

A critical mission of JFHQ-DODIN is to conduct defensive cyber operations (DCO), consisting of passive activities intended to preserve the ability to use DoD cyberspace capabilities and to protect DoD data, networks, and systems. As cyber threats proliferate in both number and sophistication, performing the CTI role within DCO becomes increasingly challenging for JFHQ-DODIN. JFHQ-DODIN is therefore interested in identifying a commercial solution capable of aggregating and correlating cyber threat intelligence, including solutions that apply Artificial Intelligence (AI) to help its analysts identify common patterns across multiple sources of information.

The analyst requires the ability to ingest the current CTI feeds into a single solution and to correlate and validate each Indicator of Compromise (IOC) automatically as it is processed. The capability shall ingest both from existing data/Application Programming Interfaces (APIs) and from multiple cyber intelligence feeds, all aggregated and analyzed in a single interface. In addition, the capability shall allow manual upload of data from spreadsheets and documents, ingest from existing DoD cyber repositories, have the processing power to ingest multiple feeds at the same time, and be powered by AI and Machine Learning (ML) for conducting queries, analysis, and alerting.

JFHQ-DODIN requires a cloud-based (off-premises) capability that ingests most CTI sources, as well as some non-standard sources such as spreadsheets, PDFs, unstructured blogs, and news articles, and aggregates those feeds so that sources are centralized for more efficient processing. The capability should provide the resources for a semi-automated process that adds context to indicators of compromise and rapidly assesses duplication and the confidence level of information validity. This app-agnostic capability needs to leverage Artificial Intelligence techniques to pull data at scale from different APIs and from the non-standard sources, aggregate and normalize the data, and identify baseline anomalies for the analyst to prioritize for investigation.
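As an added illustration (not part of the RFI or this article) of the ingest, validate, deduplicate and confidence-rate steps the requirement describes, the sketch below assumes two hypothetical source formats, a JSON feed as an API would return it and a CSV export of an analyst spreadsheet, and rates confidence by how many independent sources corroborate an indicator:

```python
import csv, io, ipaddress, json, re
from collections import defaultdict

# Constructed sample inputs (not from the RFI): a JSON feed as an API would return it
# and a CSV export of an analyst spreadsheet; addresses are RFC 5737 documentation ranges.
API_FEED = json.dumps([
    {"type": "domain", "value": "Evil-Example[.]com", "source": "feed_a"},
    {"type": "ipv4", "value": "203.0.113.7", "source": "feed_a"},
])
SPREADSHEET = (
    "type,value,source\n"
    "domain,evil-example.com.,analyst_sheet\n"
    "ipv4,203.0.113.7,feed_b\n"
    "ipv4,198.51.100.9,feed_b\n"
    "ipv4,999.1.1.1,feed_b\n"  # malformed on purpose; validation must reject it
)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def normalize(ioc_type, value):
    """Refang and canonicalize so the same IOC from different feeds compares equal;
    return None when the value is not a valid indicator of the declared type."""
    v = value.strip().replace("[.]", ".").lower().rstrip(".")
    if ioc_type == "domain":
        return v if DOMAIN_RE.match(v) else None
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.IPv4Address(v))
        except ValueError:
            return None
    return None  # unsupported type: this hypothetical example handles domains and IPv4 only

def ingest(api_json, csv_text):
    """Read both source formats into one list of (type, value, source) tuples."""
    out = []
    for r in json.loads(api_json) + list(csv.DictReader(io.StringIO(csv_text))):
        v = normalize(r["type"], r["value"])
        if v is not None:  # drop malformed indicators rather than correlating them
            out.append((r["type"], v, r["source"]))
    return out

def correlate(records):
    """Merge duplicates; rate confidence by how many independent sources agree."""
    by_ioc = defaultdict(set)
    for t, v, s in records:
        by_ioc[(t, v)].add(s)
    levels = {1: "low", 2: "medium"}  # three or more corroborating sources -> "high"
    return {k: {"sources": sorted(s), "confidence": levels.get(len(s), "high")}
            for k, s in by_ioc.items()}
```

Running `correlate(ingest(API_FEED, SPREADSHEET))` collapses the defanged and trailing-dot spellings of the domain into one record seen by two sources, keeps the single-source address at low confidence, and discards the malformed address.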

Review the DISA CTI aggregation RFI.

Source: SAM

IC News brings you business opportunities like this one each week. If you find value in our work, please consider supporting IC News with a subscription.