Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Security, Containers Expo Blog, @CloudExpo

Cloud Security: Blog Feed Post

Threat Intelligence Platform Just a Tool? By @AdamDVincent | @CloudExpo [#Cloud]

Tools are purpose built and difficult to extend beyond the original purpose to which they were built

Is Your Threat Intelligence Platform Just a Tool?

“If the only tool you have is a hammer, you tend to see every problem as a nail.” Abraham Maslow

Throughout the enterprise there are security personnel using a variety of processes and tools to conduct their incident response, network defense, and threat and risk analysis. Security team efforts haven’t been integrated, or if they are integrated, it is only through rudimentary technologies like email, spreadsheets, a SharePoint portal, or a ticketing system. These techniques, although better than nothing, do not scale as the team grows and the number of malicious events and security processes increases. We saw this same problem with other parts of the business, and platforms were created to support them in their quest for automation, collaboration across use-cases, and better management processes.  For example, PeopleSoft for human resources, Salesforce for sales, SAP for manufacturing, and Eloqua for marketing.

lego-dinosaur

Tool, a Means to an End
Tools are purpose built and difficult to extend beyond the original purpose to which they were built. Platforms are extensible and transformative and make up the foundation of a solution. As an example, picture Legos. They are a foundational building block (literally) of creating many different toys. You can buy specific sets of Legos that include the building blocks of specific things.  So rather than buy a dinosaur you could buy the dinosaur Lego set and that could be integrated together to form a larger structure. Like Legos, a platform allows the specific need to be solved while at the same time providing an integrated solution for longer term solution development.

Tool vs. Platform
There are new tools coming on the market every day, but many are just that, “tools”, and not a true platform. Tools may solve immediate needs, but you need to evaluate your needs across multiple stakeholders across your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in a way where they can work together as a team. Customization of the platform is key, as each organization will have different processes, and data customization needs across processes for aggregation, analysis, and action.

Leveraging a Solution
A platform permits personnel throughout the enterprise to manage processes on the security relevant data that they care about. Other personnel processes can be integrated on top of that same data simultaneously as part of the same or a different process which are made easier using the platform. Processes might include triaging events in the SOC, conducting incident response, or the threat team’s processes for integrating external feeds or intelligence. Different processes may take advantage of different applications within the platform as well, and new/better applications may take the place of inefficient or outdated applications. From the management perspective, the platform must present trends, supply real-time updates, as well as support threat-driven long-term prioritization of risk across the business.

A platform is a foundational capability. It should be extensible and evolve as your strategy shift and the need arises to collaborate across the organization. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and with that put our own Threat Intelligence Platform (TIP) spin on features you want to look for in a platform:

  • Go Broad and Deep with Threat Intelligence Data: A threat intelligence platform (TIP) must capture and aggregate all relevant data from across your internal network, partners, and vendors. This includes customizing data elements requiring storage and management, processes across various teams, as well as the input fields that help staff more quickly support data entry tasks. Ability to extend the platform with pluggable applications is also critical for extension of the platform to support new and evolving needs without requiring platform upgrades.
  • Numbers Matter: The TIP should support the specific metrics you want to track, filter, and analyze via customizable reports to understand risk to the business and efficacy across organizational processes for risk avoidance. It should provide analytics that can be reported to your team members and to the organization as a whole.
  • Go Beyond Sharing with Collaboration and Workflow: The TIP should mature with your security strategy with the ability to share data among your team, across the company, external supply chain, and across information sharing groups like ISACs. It should have the ability to coordinate intelligence informed action among your team which enables streamlined and efficient workflows. Access to the intelligence needs to be balanced with its operational sensitivity, so it must control data visibility with strong role-based access control to ensure data is given to only those who need to see it.
  • Single Source: The TIP must be able to coordinate, track, and measure all security data from within the platform. This avoids wasting time jumping back and forth from inside and outside multiple tools to capture valuable information.
  • Growth and Efficiency: The TIP should be able to integrate your security products across the organization. Verify that not only they can consume actionable information from the platform, but additionally can provide input to the platform for continued analysis and reporting of intelligence driven events across the organization. A TIP should enable growth and automation across all aspects of your business.

As your security program matures, the time you spend detecting threats and responding and measuring risk to your organization is going to be where you need to spend your time. Collecting and producing intelligence through monitoring, detecting, responding, and defending takes time. Your team needs to spend that time focusing on the high priority information that a platform helps decipher, not spending time manually gathering information across multiple tools.  A platform makes sense for your organization once you are ready to proactively gather and analyze results versus reacting to security events.

Stop looking for tools to solve your problems, look for a platform to manage all of your problems.

What would you add to the distinction between a tool and a platform?  Learn more about how we define a Threat Intelligence Platform here.

Read the original blog entry...

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.

IoT & Smart Cities Stories
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...