
Sign up to save your podcasts
Or
In Episode 88 of TheCyber5, we are joined by Nisos Senior Director for Customer Success, Brandon Kappus.
Here are five topics we discuss in this episode:
Playbooks should include three major steps. The first step is education on how intelligence is going to be consumed and not be nonstop noise. Discussions between customers and vendors should start around requirements that customers are trying to address with business stakeholders.
The next step in any playbook needs to be about what data is needed to cover unique intelligence requirements. Social media, passive DNS, foreign media, business entity, person, and netflow datasets are all available, but they’re meaningless without understanding what a security team is trying to accomplish.
A threat intelligence program by itself is not generally a compliance regulation like anti-virus or a DLP program. However, there are many aspects of a threat intelligence program that are inherent with compliance spending such as the ability to monitor third parties, manage vulnerabilities, track credential and data leaks, as well as mitigate against insider threats. Flexibility to adapt to compliance needs is critical for maintaining the program and is as important as addressing routine vulnerability disclosures for the SOC or giving business units a competitive advantage.
Two general backgrounds are common with building intelligence programs: US government intelligence community experience and those with a data engineering background. While data engineering is important for automation and bringing indicators into network defense tooling like a SIEM, intelligence community backgrounds are critical for building relationships and crafting winning value propositions across a stakeholder community. Asking the question, “what does success look like for you,” goes a long way between customers and vendors, particularly when a program is starting.
When an intelligence program is starting, requirements are collected, and data that is needed is purchased, oftentimes return on investment comes in the form of storytelling. For example sharing how you’re stopping credentials from being used or stopping an insider threat from leaking data. Over time these stories become common themes that can be built out at scale and will ultimately be used to capture “prevention dollars” and potential dollar loss from leaving the company. This story telling to capture of dollar loss should be the pinnacle of any threat intelligence program maturation.
5
2323 ratings
In Episode 88 of TheCyber5, we are joined by Nisos Senior Director for Customer Success, Brandon Kappus.
Here are five topics we discuss in this episode:
Playbooks should include three major steps. The first step is education on how intelligence is going to be consumed and not be nonstop noise. Discussions between customers and vendors should start around requirements that customers are trying to address with business stakeholders.
The next step in any playbook needs to be about what data is needed to cover unique intelligence requirements. Social media, passive DNS, foreign media, business entity, person, and netflow datasets are all available, but they’re meaningless without understanding what a security team is trying to accomplish.
A threat intelligence program by itself is not generally a compliance regulation like anti-virus or a DLP program. However, there are many aspects of a threat intelligence program that are inherent with compliance spending such as the ability to monitor third parties, manage vulnerabilities, track credential and data leaks, as well as mitigate against insider threats. Flexibility to adapt to compliance needs is critical for maintaining the program and is as important as addressing routine vulnerability disclosures for the SOC or giving business units a competitive advantage.
Two general backgrounds are common with building intelligence programs: US government intelligence community experience and those with a data engineering background. While data engineering is important for automation and bringing indicators into network defense tooling like a SIEM, intelligence community backgrounds are critical for building relationships and crafting winning value propositions across a stakeholder community. Asking the question, “what does success look like for you,” goes a long way between customers and vendors, particularly when a program is starting.
When an intelligence program is starting, requirements are collected, and data that is needed is purchased, oftentimes return on investment comes in the form of storytelling. For example sharing how you’re stopping credentials from being used or stopping an insider threat from leaking data. Over time these stories become common themes that can be built out at scale and will ultimately be used to capture “prevention dollars” and potential dollar loss from leaving the company. This story telling to capture of dollar loss should be the pinnacle of any threat intelligence program maturation.