Inside the World of Threat Intelligence Operations


Day. So what is threat intelligence in your mind? Can you describe it for our audience, please?

Yeah. Yeah. Absolutely. You know, it's a good question, right? So there's a challenge in the industry, actually, that I think a lot of people throw different terms around, sort of conflate the terms, right? So I look at it from, I come out of the government background, I look at it from a government and military standard originally. And so you're talking about maybe data and information and intelligence, is the best way to explain it. There's a chart in Publication 2-0 that actually really how well essentially, data is a list of IPs and URLs, for instance. Information would be that same list of IPs and URLs with so share with it. So informed data, information, which unfortunately is where a lot of people live, and they think that's intelligence. But what we really need to do is get to intelligence, which is that same list of IPs and URLs, but you also add in the threat score. Of course, then you add in, you might be associated threat actors, tactics, techniques, procedures, signatures, tools, motives, you know, when architecture was hostile, when it was safe, when it was hostile, and even what might come next. So it's that holistic picture that gets you into the intelligence realm. And then when we talk about threat intelligence, it's specific towards threats against us or others, right? So you talk about tying that holistic picture to pursue tactics, techniques, things we need to worry about. So that's in a nutshell sort of what we talk about when we talk about threat intelligence.

I think when we talk to our audience and we tell them, who aren't in the cyber security business, and we say that the government does intelligence and they have intelligence services and functions, I think they get that, right? They get that the government does intelligence. Why does a Fortune 500 company need intelligence? Like, what?
What problems does threat intelligence solve for a Fortune 500 company?

Yeah. It's a good question and, to be honest, I spent a lot of time on this one. So I think you're right. I think people get the government need for intelligence, right? It's been around for generations now. In nation-to-nation interests, you want to know as much about your adversary as possible, right? That's sort of the goal of intelligence, any the product. It's not that different. What's happened, essentially, is in an interconnected world now, where we all live, everybody's at risk at some level, connected to somebody or something. And there's adversaries out there, and most of us have something of value, whether we think so or not. Obviously understand best, right? We protect money. But there's other ventures that also have things of value: personal information, intellectual property, things of that nature. So when you understand you have a threat and you have risks to worry about, it's best again to understand the adversary. And, you know, intelligence is the only way to become proactive. When you talk about doing defense, most executives, you think cybersecurity, SOC, things like that. We have the same. We have network data coming in and we're processing that, we're reacting to things that are in our environment. But as long as we're just living inside our environment, we're never going to get off that wheel, that hamster wheel, where we're just not things down. So what intelligence does is allows us to see things outside their environment, and you start moving. You know, we talk in the kinetic world, if you think of a timeline of left to right, we always talk about trying to be left of the boom. Boom is a terrorist attack robot or something terrible, and the right, obviously, it's reactive and it's really, really bad. And that's what I bring into the cyber discussions: we also want to get left of the boom, right? As you know, we've already been compromised.
We're on the news, we've got twenty-four-hour operations, et cetera. We want to move left, and the only way to move left of the boom, the only way to become proactive, is intelligence. We have to understand things that are going on around the world outside of where we are. We have to understand what adversaries exist and what their general practices are and what their target sets are, who they're going after, what are their motives. And we start seeing that even get bigger when we talk about geopolitics. You know, what does an embargo against Iran do from a cyber standpoint? Tactics, right? And, you know, North Korea, et cetera. So I think that's the bigger piece, and I think we're starting to see more understanding in the private sector that the risks are incredible. The barrier to entry for cyber is pretty low. You have to be an incredible hacker to do damage to somebody or to steal information center or something like that. So yeah, absolutely. Fortune 500, Fortune 100, you know, frankly even smaller companies, but you really need to be building, in my opinion, an intelligence program, the only way to get proactive.

So, it all sounds commonsensical. How hard is it to be proactive, and then actually be predictive, where you can actually predict that something bad's going to happen before it happens, right, so to speak, right?

Yeah. How hard is it? It's really hard. That's the hard part, right? It's really hard. So, you know, and to be clear, even in the government space, you know, with all the classified information available and all the resources, it's still really hard. You know, we often talk about, I worked in areas where we talked about predictive intelligence, but it's a dangerous term October when you used. There is no crystal ball by any means. The best you can hope for is to have enough available data and information to develop intelligence to make assessments on likelihood. And it is hard. It takes time and effort.
It takes a set of skills. It's one of the things it's been a lot of time in the private sector talking to you about is, I think, a challenge we've seen as people started to accept, yes, we want intelligence attendance. The next thing is explaining that intelligence is its own career, that's its own thought processes and training. You can't take your world's best incident responder and say that guy's going to run the intel program. Now you're going to build another incident response program. So when you're able to bring in town of a off your, obviously, the government grows most talent. You bring in some folks who can help build these programs. There's also, you know, universities are building great programs to teach this in their courses, like, you know, has GTI. Course it's a great place to be. When you build those out, you understand a different skill set, and then you can start building. But the truth is, it's hard, it's time consuming. It could be a bit expensive. Talent, access and time are sort of three elements. Tools is another big element; I throw them in with the access piece. But talent, access and time are big elements you have to build out, and you also really have to discuss value, right? So leadership wants to know, what am I getting for my money? And when you talk about being proactive, that's a tough thing sometimes to get metrics to measure. You know, I've talked to a lot of organizations in the cyber world, and they measure their metrics on their tools and things that they have in the SOC, and they come with great metrics, usually. But intel, I tell people to start thinking about more on the lines of how you measure your metrics for physical security, or insurance, even. If you run a bank and you don't get robbed for a few years, do you fire the security team, shut off the cameras? Clearly, we don't need this. We're not in danger, right? You understand the risk of being a bank. You know, there's an inherent risk, and it's the same thing in cyber. So it's a, we are working on better metrics.
I think, as an industry, to help people understand the value of it. But yeah, it's Hartman John Security for
