Flashpoint VP On Why Cyber Threat Intelligence Matters
Ian Schenkel, Vice President, Europe, Middle East & Africa at Flashpoint, on why threat intelligence is an essential tool in the CISO’s arsenal.
How can CISOs best assess risk factors of their businesses?
The first thing they need to establish is what is known about them in illicit online communities or by individual threat actors. Hidden marketplaces that trade in compromised credentials, executive information, and stolen card data gives an insight into what serious risk factors CISO are faced with.
Visibility into these types of sources will provide a unique understanding of what is out there and what a CISO will be facing. But there are so many sources of threat and risk to a business, it is important to clearly define your needs and objectives before seeking out vendors to help satisfy them.
Get as granular as possible. If, for example, you’re in the market for a vendor that offers threat activity or online community coverage, don’t assume every vendor marketed as such will provide the depth and breadth of coverage you need. Only after you’ve determined your intelligence requirements and the depth of sources needed to fulfil those requirements should you even think about evaluating vendors.
Once a CISO has this information that can then put effective, and long lasting security policies in place to prevent such breaches. However this is a constantly evolving strategy, and needs to be checked on a regular basis. As an organisation evolves its security policy, so too will the threat actors that try to breach it.
Why do we need better threat intelligence sharing between the public and private sectors?
Threat actors, nation states, and all illicit online communities will try to leverage vulnerabilities across all organisations – they do not differentiate between private and public sectors. The more we are able to collaborate and unify against the common threats that every organisation faces, the more we are able to act against them in unison.
Regardless of whether you’re new to threat intelligence, or if you already have a highly sophisticated programme in place, collaborating with your counterparts at peer organisations and other trusted experts can be highly beneficial. No intelligence programme is perfect, much less without challenges, and it’s important to remember that most of us in this industry are facing or have faced many of the same issues. By sharing what you’re dealing with—whether that might be difficulties establishing your intelligence requirements, getting the support you need from the C-suite, or choosing the right vendor, to name a few—you’re likely to encounter others who’ve been where you are and might even have insight into what you can do to end up where you want to be.
Collaboration built into any threat intelligence platform is key to being able to share, and create a combined strategy.
What are your tips for designing a new risk profiling system for enterprises?
This all comes down to alerting. Flashpoint’s alerting comes in a few different variations, but ultimately is used to inform customers when relevant information is uncovered in threat actor discussions and compromised data is detected. In its simplest form, this can be done by domain name, email address, or other public facing credentials monitoring. With more advanced monitoring and alerting, organisations should be able to create fully curated alerts on their industry, area of business, and geolocation.
Do you provide a risk dashboard with near-real time visibility into vulnerabilities?
Yes, at Flashpoint we do provide near-real time visibility into vulnerabilities. This visibility is a pivotal part of our platform and means that security professionals can quickly get a pulse of what needs their attention day to day. Flashpoint’s dashboard provides Access to the latest CVEs within Flashpoint collection, including access to MITRE and NVD data, as well as CVEs discussed by threat actors as observed by Flashpoint Intelligence Analysts. With insights into threat actor mentions of such vulnerabilities, it makes it easier for users to prioritise vulnerabilities that threat actors are discussing and presumably utilising.
What factors should security and risk professionals consider while evaluating threat intelligence vendors?
They should be looking at vendors that can cover the five main aspects of threat intelligence and give them good scope on the following: First, cyber threat intelligence which includes insights into Distributed Denial of Service (DDoS), cybercrime, and emerging malware. Second, corporate & physical security which includes threats to critical assets, personnel, and infrastructure. Fraud is also a key area to consider when evaluating intelligence vendors. Can this organisation help you with identity theft, credit card fraud, personally identifiable information (PII) and/or personal healthcare information? Insider threats are also an area of concern for many organisations–no matter their industry. A vendor should be able to detect insider threats from their data sources, be able to investigate, mitigate and help respond to this particular type of threat. And lastly, compromised credentials monitoring is key. A stellar intelligence vendor will have access to unique collections for compromised credentials for your organisation and potentially your customers as well.