DXL helps organizations keep an eye on external and internal threats using relevant information in real time.

Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security

June 24, 2015

It is no secret that timely and accurate information is at the heart of any successful attack campaign. As we build up our defenses in the escalating conflict against cyberattacks, getting timely and accurate information to and from various defense agents, gateways, firewalls, sensors, and managers has become a critical part of the counter-attack.

Traditionally in IT systems, data is collected by logs, in scheduled batches, or as a result of an ad hoc pull or push action. If two products aren’t integrated, they won’t share data, and data correlation is often a manual and tedious process. In the cyberwar, shared data is critical since a single piece of information, from one data source, with no context, is seldom enough to confidently convict an offender.

Other IT applications have solved this problem through creation of a message bus, a high-speed interconnect that facilitates sharing of information in real time. Intel’s Data Exchange Layer (DXL) brings this model to security. It provides an open way for security products to publish and subscribe to relevant information in real time. Why does speed matter? The good guys need all the help they can get. The latest Verizon Data Breach Investigations Report says that “75% of attacks spread from Victim 0 to Victim 1 within one day (24 hours). Over 40% hit the second organization in less than an hour.”

In its first year, DXL was woven throughout the Intel Security portfolio as we evolved our product lines. Now in year two, our technology partners are integrating this messaging fabric based on a new software development kit (SDK) and releasing products and services that attach to DXL.  

Titus, for example, has introduced its Classification Suite 4, which leverages DXL to extend data classification and information protection to detect insider threats and other inappropriate use of sensitive or confidential material. Where many of the initial DXL use cases have focused on threat-intelligence sharing, Titus is using DXL to publish data classification decisions in real time to take more appropriate security action based on the sensitivity level of the data as it happens.

Instantaneous data exchange is the critical enabler of adaptive and resilient information security that enterprises require in today’s cyberwar. Obtaining and sharing information from multiple products across all parts of the network helps build the context needed to identify anomalous behavior as it happens. 

About the Author(s)

Torry Campbell is the Chief Technology Officer for Endpoint and Management technologies for Intel Security, formerly McAfee. From a decade at McAfee, he couples his security operations background with product management, development, and customer implementation experience to guide the product architecture, to better support the protect-detect-correct-adapt workflow within changing threat and risk requirements. Prior to joining McAfee, Campbell worked for a large professional services company, providing rapid response services for active incidents at enterprise accounts. His expertise spans multiple domains of Information Security, shaped by his experience gained through many years in security operations at a large financial services organization.
