Aug 15, 2019
All links and images for this episode can be found on CISO
How proactive should we be about security? What's the value of
threat intelligence vs. just having security programs in place with
no knowledge of what attackers are trying to do?
this post for the discussion that is the basis of our
conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is AJ Nash, director of cyber intelligence strategy, Anomali.
Thanks to this week’s podcast sponsor,
harnesses threat data, information, and intelligence to drive
effective cyber security decisions.
On this episode of Defense in Depth, you'll
- You can't start a threat intelligence until you understand your
internal threat landscape and business mission.
- Sadly, very few organizations have a good answer to "What and
where are your crown jewels, your high valued assets?" But if you
can answer that question, your threat intelligence will be far more
- It's possible to understand the internal and external landscapes in
parallel, but you won't get great value out of your intelligence until
you understand your environment.
- How do we judge the value of intelligence? It's all about
dealing with costs before the "boom" vs. afterwards. Because
afterwards is far more expensive.
- The reason to invest in threat intelligence is that once you
know your assets, and you know what your adversaries are after, you
can adjust your defenses accordingly.
- If your goal is to harden everything, you're going to be very
busy. It's not economically and physically possible.
- Make sure you're manning the threat intelligence and incident
response teams properly. This is a common misstep that many shops
- If you don't have intelligence, you're doing reactive security,
which nobody wants, yet that's what many often end up doing.