Do You Want to be a Cybersecurity Top Gun?
POSTED BY LIZ BUSH
The term “top gun” has two meanings. Loosely, it means to be the best of the best in a certain field. However, it is also the nickname for the elite U.S. Navy Strike Fighter Tactics Instructor program aimed at creating world-class fighter pilots.
In cyber defense every security analyst strives to be the best of the best, so it’s a fitting analogy. But there’s also another commonality between fighter pilots and security analysts. Colonel John Boyd created the OODA loop as a new and structured way to train pilots. The acronym stands for Observe, Orient, Decide and Act – the decision-making process we go through that, when mastered, allows us to process information and react faster to outwit adversaries.
It’s easy to understand why the concept of the OODA loop resonates in the cybersecurity industry. We continuously go through the process of gathering threat and event data (Observe), analyzing it (Orient), determining what it means for our organization at that particular moment in time (Decide), and then using it to strengthen defenses (Act). Faced with a shortage of skilled security professionals, the more aspects of this often highly manual process that we can automate, the more effective we can be at accelerating decision making and reaction times to thwart attacks. This is the crux of a recent webinar, “Cyber Threat Intelligence, Top Gun Style,” hosted by ThreatQuotient’s Markus Auer and Falk Schwendike.
Data is the foundation for decision making for pilots, and the same is true for security professionals. Applying the OODA loop to cybersecurity will help us accelerate the process of translating threat data into action, but we have some unique challenges that pilots don’t face. For example, we have too much irrelevant data; no central place to aggregate and process massive volumes of data; limited capability to analyze and prioritize data, make decisions, and take actions quickly; and no central repository to store data and capture learnings to accelerate decision making and action in the future. We need assistance to follow the OODA loop process – in the form of a threat intelligence platform – so we can perform at elite levels.
Watch the webinar on demand and see how the ThreatQ platform ingests any data in any format, presents what is most relevant to your organization, creates a data model that suits your company workflow, shares curated threat intelligence across tools and teams, helps accelerate established processes, and empowers you to pivot to find other possible attack vectors based on current information. The demo culminates in a threat hunting investigation that reveals a spear phishing attack with a malicious attachment and recommends actions based on previous learnings.
Learn how to get through the OODA loop faster than your adversaries and achieve top gun status!