We’re taking a quick mini-break from our regular content to provide our readers with inspiration from other cybersecurity industry leaders. Buckets of interesting thoughts to share.
Companies Are Not Prepared
“At the very top of the very top of the pyramid, practically in upper stratosphere, sit organizations that produce their own threat intelligence (TI), sourced from local artifacts and their own intelligence gathering activities.”
-Anton Chuvakin, research vice president at Gartner’s GTP Security and Risk Management Group
A Shortage of Experience
“There is a significant shortage of people who have the ability and experience to fight back against the persistent hacker and trained in gathering and analyzing cyber intelligence. Budgets are being compressed in every area, and there is often diminishing support from the board to spend more on something that can seem intangible, never mind invest even more on an entirely new proactive approach.”
-Tax, advisory, and risk management firm EY, in the November 2016 report, “Cyber threat intelligence − how to get ahead of cybercrime”
Merging Cybersecurity and Cyber Intelligence
"Tactical cyber intelligence is complementary to, but does not replace, an organization's traditional cybersecurity technologies and approaches. Striking a balance between the two, and allowing the former to strengthen the latter, is the best path forward to stay ahead of adversaries targeting your organization or its sector."
-Intelligence and National Security Alliance
Focusing on Predictive Intelligence
“If you’re just offering prevention, you don’t have a complete product. If you have detection and remediation, you’re getting closer. When you add predictability, you’re starting to get a fairly robust treatment of the problem.”
-John Prisco, CEO of Triumfant, a cyber intelligence provider
Quality over Quantity
“In the intelligence realm, quality is far more important than quantity. Consider the example of two intelligence sources. Intelligence source “A” provides us with 5,000 pieces of information that generate 10 true positives and 100,000 false positives. Intelligence source “B” provides us with 10 pieces of information that generate 100 true positives and 10 false positives. It is easy to see that source “B” provides us with more value in that it detects more true positives. But there is another, often overlooked aspect. Source “A” generates far more noise, which pollutes our work queue and clouds our visibility into the organization.”
-Joshua Goldfarb, chief security officer of the enterprise forensics group at FireEye
Using Intelligence to Fight Cyber Threats like War
“We spent a lot of time in the Cold War looking for capabilities that would give us a continual advantage, and I think that’s where cyber is now. [If the military listens for a submarine from miles away], once you understand where there’s a noise spike from a submarine, you’re probably going to nail that submarine for the life of the submarine.”
-William Leigher, retired Navy admiral turned top Raytheon executive
"In the past 12 months, the five largest breaches (based on the number of breached customer records) accounted for 93% of all breached records. This concentration demonstrates the targeted nature of today’s cyber attacks. Attackers are carefully picking their victim organization, learning its business, understanding its partner relationships, and testing for weaknesses and vulnerabilities. This is why there is strong demand for cyber threat intelligence."
- Rick Holland, Forrester