I don’t know about you, but the steady stream of vulnerabilities constantly being discovered in software I use for my business unsettles me. And the new kinds of threats that are arising all the time unnerves me. My knees are shaking and my head is spinning as I try to figure out how to keep my business environment secure. I know I’m not alone in thinking this as one individual who feels the same way I do — and is helping those of us who work in IT make more progress towards finding a solution to this problem — is Brandon Hoffman, CISO at Netenrich. Netenrich uses a dynamic mix of machine and expert intelligence across a wide range of products and SaaS-based offerings to deliver complete resolution intelligence to transform digital operations into smarter business outcomes. Their solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. What follows is a discussion I recently had with Brandon about the infosec challenges organizations face today because of this security overload and how to get a handle on them.
MITCH: What are some of the biggest challenges that infosec professionals face today?
BRANDON: Security has no shortage of challenges. Categorically, the challenges security people face cover the gamut from business to deeply technical. If I had to pick three challenges, it would be the skills gap, tool interoperability, and signal-to-noise ratio. While these challenges certainly are broad, they can exist in a very focused manner as well. Take the signal-to-noise challenge. This can be applied broadly to the security market where messaging overlaps, terms get reused, and functionality versus outcome gets confusing (mostly not intentionally). This same challenge also exists in a technical format when looking at data output from security tools and processes. A quick example of this is threat intelligence. There is a lot of data out there, but figuring out what data matters and why is a huge challenge.
Security has no shortage of challenges. Categorically, the challenges security people face cover the gamut from business to deeply technical. If I had to pick three challenges, it would be the skills gap, tool interoperability, and signal-to-noise ratio
MITCH: What are some steps you advise companies and their infosec teams to do to protect their data and meet the challenges of today’s threat landscape?
BRANDON: The best advice I can offer is to take a risk-based approach. Simply because a topic is hot or intriguing doesn’t mean it is an issue that needs to be addressed now. That issue may not even be applicable to your organization. It is critical that people remain objective about the trends in security and subjective about what applies to them. Scrutiny here not only saves you time but money and people as well. Going back to the risk-based approach, there are tons of great frameworks and guides for assessing risk, classifying assets and data, and controls for protecting them. Make sure you take the time to understand the most important elements of the business that need protection, prioritize the assets/data, and build your plan based on the priority and probability of execution. What I mean is if there is a new solution to protect an application, but you have no skill set internally to implement or operate that tool, it is better to leverage a tool that gets you most of the way there if you can actually have success with it.
MITCH: What exactly is a threat intelligence solution? When and where did the concept of this arise?
BRANDON: A threat intelligence solution will mean exceedingly different things to different people. The genesis of threat intelligence really comes from a military application and is no different than the concepts of reconnaissance. Putting it in context to information security, the concept is simply about having more data about external factors to better contextualize telemetry that has been captured. Initially, that telemetry was internal but can include external as well. A threat intelligence solution in its most simple form would be any solution that helps with that concept. The industry has seen a few iterations or variations of threat intelligence tools, and many of them are in a category of their own. Generally, we see tools that help aggregate data, tools that correlate that data to other threat intel to perform de-duplication or analytics, and tools that correlate that data to telemetry automatically to help contextualize events or incidents.
MITCH: What do most traditional threat intelligence solutions lack that Netenrich is able to provide customers with?
BRANDON: The two most important things about threat intelligence are context and actionability. What Netenrich is offering is a portal that provides traditional threat intelligence correlated to news and media-based information for context. This is a critical piece of information when trying to understand if a specific threat matters in general and specifically to your organization. More important is that this threat intelligence is natively integrated across our portfolio of solutions and services, making it immediately actionable and operationalized. This is one of the biggest struggles companies have with threat intelligence. It’s a challenge that birthed an entire product segment in security.
MITCH: Tell us a bit about the new attack surface intelligence solution that Netenrich has just launched.
Attack surface intelligence is just what it sounds like. We have a solution that automatically determines your public-facing digital assets and whether they are vulnerable to attack or create risk for your organization. By attack, we simply mean a vector for intrusion by an adversary. In today’s landscape with evolving architectures, digital transformation, and work-from-home mandates, companies are moving rapidly, and keeping tabs on everything becomes increasingly more difficult. This is exactly the type of task technology was intended to solve. Continuously discovering and assessing an organization’s public-facing assets is a job for machines. Furthermore, automatically prioritizing those issues based on risk and a quick check against our threat intelligence allows people to take the next step of remediation. This allows people to do people tasks faster and more efficiently by leveraging machines for automating suitable tasks. Specific examples of these issues include emails appearing in public breaches, company data exposed in cloud storage or code repositories, company infrastructure being used for malicious purposes (like installing malware or phishing), and more.
We need to temper expectations that AI is going to solve all of our problems. It is and should continue to be viewed as a tool that can be deployed to solve a specific set of issues technologists face.
MITCH: What do you see in the future as regards to using AI to help organizations overcome technology and infrastructural infosec challenges, including IT security?
BRANDON: I think AI has a strong future in solving technology challenges in infosec and beyond. We need to temper expectations that AI is going to solve all of our problems. It is and should continue to be viewed as a tool that can be deployed to solve a specific set of issues technologists face. Specifically, in security, AI can help where there are a lot of disparate sets of data that haven’t been structured or normalized. Hearkening all the way back to finding signal in the noise is a critical contribution AI will make in security.
MITCH: Anything else you’d like to add about threat intelligence and infosec challenges?
A last thought is that we need to remind ourselves that the most important asset in the ongoing cyber challenge is people. This cuts both ways in the sense that people are the key to overcoming the issues but also represent one of the biggest attack vectors. Machines do an important chunk of tasks and automate many of the things people are bad at. So, keep the machines humming and keep your people happy, learning, and aware.
Featured image: Shutterstock