Sign up to save your podcasts
Or
Share EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class “Inside the Mind of APT”
-
“Navigating Tradeoffs of Attribution” paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guest:
-
John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud
Topics:
-
You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class?
-
There are many places to learn threat intel (TI), what is special about your new class?
-
You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel?
-
Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine?
-
In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations?
-
Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them?
Resources:
-
The new class “Inside the Mind of APT”
-
“Navigating Tradeoffs of Attribution” paper
-
Sands Casino hack 2014
- "Threat Horizons - How Google Does Threat Intelligence" (ep112)
More shows like Cloud Security Podcast by Google
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,009 Listeners
AWS Podcast
201 Listeners
Click Here
408 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners