Being Part of What’s Next in Threat Intelligence
POSTED BY JONATHAN COUCH
I’ve been in threat intelligence and security operations for most of my career, first with military, government, and intelligence organizations; then as a co-founder of iSIGHT Partners; and now I’m excited to join ThreatQuotient as VP of Strategy. I’ve worked with threat intelligence before it was cool, with early adopters around the globe who were trying to understand what threat intelligence is and how to use it within their organizations.
Now it seems that everyone is talking about threat intelligence. Nearly every security vendor wants to get in on the action. And security operations groups are either being told by their management and Board to get it, or they’ve attended RSA or another security conference and realize they need to add threat intelligence to their security program. The questions they always come back with, though, are:
What should I get? And how do I use it effectively?
ThreatQuotient can answer these questions. It’s leading the threat intelligence market into its next generation and I’m eager to apply my background to help define and realize what threat intelligence can do for organizations.
ThreatQuotient was created by security operators to solve problems they experienced with threat intelligence. I like knowing that I’m working with a team that is focused on solving real issues while having the knowledge, experience, and drive to address the next phase of challenges at the same time. ThreatQuotient has the platform and the people to help organizations communicate better, focus resources more effectively, and manage risk. In the weeks to come you’ll hear more from me on each of these benefits that threat intelligence can deliver to businesses as it continues to mature, but here’s my quick take.
1. Improve Communication
Every CISO or SOC manager at some point is asked by management, concerned about the latest hack: Do you know about it? Does it affect us? What are we doing about it? Threat intelligence can provide you a means to be proactive with executives and the Board to answer these questions before they are asked. Leaders also want a way to answer these questions in business terms and let management know what you are doing as a Security Operations group. It gives you the information you need to change the conversation from “we blocked a million events this month” to “we stopped ransomware attacks which would have cost the company $2M.”
2. Focus Resources
On a network there are only three things security operators need to deal with: noise, nuisance, and threats. You need to automate out the noise (blocking it at the perimeter or detecting it and automatically remediating), focus on threats (the real gotchas that can negatively impact shareholder value), and determine if a nuisance is actually noise or a threat and deal with it accordingly. ThreatQ helps organize the threats and home in on what really matters. It provides the automation for the noise while also enabling threat intelligence enrichment through an analyst workbench to understand and address the nuisance. Basically, it lets you operationalize threat intelligence.
3. Manage Risk
Once you are using threat intelligence to improve communications and focus your resources, then you can start diving into risk management. ThreatQ lets you take a more strategic view of the business-critical assets you need to protect, the threats that are targeting these assets and how, and the countermeasures you have in place. From there you can figure out your risk gap and turn that into a strategic discussion with the board about accepting, transferring, or mitigating risk and the investments required.
As VP of strategy I’ll be working to ensure that the platform grows in a way that meets customers’ needs and I’ll work closely with customers as they implement strategies and technologies to expand their use of threat intelligence and achieve their goals. I’m looking forward to bringing the next generation of threat intelligence to organizations so they can transform how they communicate, operationalize threat intelligence, and manage risk.
Icon credits: Alfredo Hernandez, Juan Pablo Bravo, and Arthur Shlain from the Noun Project.