Welcome!

Cloud Security Authors: Zakia Bouachraoui, Pat Romanski, Elizabeth White, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security, Containers Expo Blog, @CloudExpo

Cloud Security: Blog Feed Post

Threat Intelligence Platform Just a Tool? By @AdamDVincent | @CloudExpo [#Cloud]

Tools are purpose built and difficult to extend beyond the original purpose to which they were built

Is Your Threat Intelligence Platform Just a Tool?

“If the only tool you have is a hammer, you tend to see every problem as a nail.” Abraham Maslow

Throughout the enterprise there are security personnel using a variety of processes and tools to conduct their incident response, network defense, and threat and risk analysis. Security team efforts haven’t been integrated, or if they are integrated, it is only through rudimentary technologies like email, spreadsheets, a SharePoint portal, or a ticketing system. These techniques, although better than nothing, do not scale as the team grows and the number of malicious events and security processes increases. We saw this same problem with other parts of the business, and platforms were created to support them in their quest for automation, collaboration across use-cases, and better management processes.  For example, PeopleSoft for human resources, Salesforce for sales, SAP for manufacturing, and Eloqua for marketing.

lego-dinosaur

Tool, a Means to an End
Tools are purpose built and difficult to extend beyond the original purpose to which they were built. Platforms are extensible and transformative and make up the foundation of a solution. As an example, picture Legos. They are a foundational building block (literally) of creating many different toys. You can buy specific sets of Legos that include the building blocks of specific things.  So rather than buy a dinosaur you could buy the dinosaur Lego set and that could be integrated together to form a larger structure. Like Legos, a platform allows the specific need to be solved while at the same time providing an integrated solution for longer term solution development.

Tool vs. Platform
There are new tools coming on the market every day, but many are just that, “tools”, and not a true platform. Tools may solve immediate needs, but you need to evaluate your needs across multiple stakeholders across your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in a way where they can work together as a team. Customization of the platform is key, as each organization will have different processes, and data customization needs across processes for aggregation, analysis, and action.

Leveraging a Solution
A platform permits personnel throughout the enterprise to manage processes on the security relevant data that they care about. Other personnel processes can be integrated on top of that same data simultaneously as part of the same or a different process which are made easier using the platform. Processes might include triaging events in the SOC, conducting incident response, or the threat team’s processes for integrating external feeds or intelligence. Different processes may take advantage of different applications within the platform as well, and new/better applications may take the place of inefficient or outdated applications. From the management perspective, the platform must present trends, supply real-time updates, as well as support threat-driven long-term prioritization of risk across the business.

A platform is a foundational capability. It should be extensible and evolve as your strategy shift and the need arises to collaborate across the organization. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and with that put our own Threat Intelligence Platform (TIP) spin on features you want to look for in a platform:

  • Go Broad and Deep with Threat Intelligence Data: A threat intelligence platform (TIP) must capture and aggregate all relevant data from across your internal network, partners, and vendors. This includes customizing data elements requiring storage and management, processes across various teams, as well as the input fields that help staff more quickly support data entry tasks. Ability to extend the platform with pluggable applications is also critical for extension of the platform to support new and evolving needs without requiring platform upgrades.
  • Numbers Matter: The TIP should support the specific metrics you want to track, filter, and analyze via customizable reports to understand risk to the business and efficacy across organizational processes for risk avoidance. It should provide analytics that can be reported to your team members and to the organization as a whole.
  • Go Beyond Sharing with Collaboration and Workflow: The TIP should mature with your security strategy with the ability to share data among your team, across the company, external supply chain, and across information sharing groups like ISACs. It should have the ability to coordinate intelligence informed action among your team which enables streamlined and efficient workflows. Access to the intelligence needs to be balanced with its operational sensitivity, so it must control data visibility with strong role-based access control to ensure data is given to only those who need to see it.
  • Single Source: The TIP must be able to coordinate, track, and measure all security data from within the platform. This avoids wasting time jumping back and forth from inside and outside multiple tools to capture valuable information.
  • Growth and Efficiency: The TIP should be able to integrate your security products across the organization. Verify that not only they can consume actionable information from the platform, but additionally can provide input to the platform for continued analysis and reporting of intelligence driven events across the organization. A TIP should enable growth and automation across all aspects of your business.

As your security program matures, the time you spend detecting threats and responding and measuring risk to your organization is going to be where you need to spend your time. Collecting and producing intelligence through monitoring, detecting, responding, and defending takes time. Your team needs to spend that time focusing on the high priority information that a platform helps decipher, not spending time manually gathering information across multiple tools.  A platform makes sense for your organization once you are ready to proactively gather and analyze results versus reacting to security events.

Stop looking for tools to solve your problems, look for a platform to manage all of your problems.

What would you add to the distinction between a tool and a platform?  Learn more about how we define a Threat Intelligence Platform here.

Read the original blog entry...

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.

IoT & Smart Cities Stories
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...