Success Factors in Threat Intelligence: Part 1 - Business Requirements
This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs.
Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves.
A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations.
In Part 1 we will examine what drives CISOs and organizations to consider adoption of a threat intelligence practice. CISO’s are focused on Risk reduction to their organizations but may not have a fully defined set of requirements on who, how, where Threat Intelligence can assist in that high-level goal. They may require a solid business case to justify the investment and have a supporting set of well-defined business and technical requirements. Some key questions help formulate the executive’s plan.
-What are the costs of solving these requirements?
-How can my organization’s revenue be protected while investing in TI?
-What is the right balance of both tactical and strategic Threat Intelligence-driven responses?
-Where can existing investments be leveraged?
RecordedJun 8 201746 mins
Your place is confirmed, we'll send you email reminders
Your organization has become a vast ecosystem of suppliers, investors, partners, and business interests, all of which make up your global attack surface. Each of these entities presents a unique set of cyber risks and weaknesses. Managing these risks can be a full-time endeavor, no matter the size of your organization. What tools are in your arsenal to defend against these risks? In this webinar, Dan Martin, Product Manager, and Neera Desai, Threat Researcher, will demonstrate how you can maintain situational awareness across your attack surface. You will learn how to:
•Continuously assess and manage cyber risk
•Prioritize risks that are most relevant to your organization
•Maintain a broad view of potential risk impact
Register now to save your spot for this webinar on March 18, 2020 at 1pm ET. Attendees will be eligible to receive one hour of CPE credit towards their professional certificate.
Tom Creedon, @n300trg, Senior Managing Director, APAC
Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass is currently tracking over 2000 People's Republic of China-related influence operators to better understand the current landscape. In this webinar, Tom will speak about the overall nature of influence operations associated with the People’s Republic of China, with a specific focus on their recent Twitter campaigns. During this webinar, you will gain an understanding of operator account patterns, targets, and modus operandi. Join LookingGlass on February 6 at 1pm ET for our webinar, Project Tweetbox: Investigating China’s Cyber Influence Operations
Attendees will be eligible for one hour of CPE credit.
Neera Desai, Threat Researcher & Marc Larson, Senior Intelligence Analyst
Each year, the cybersecurity industry is bombarded with threats to be concerned about. In the beginning of 2019, we heard about threats like artificial intelligence, machine learning, and ransomware attacks that would plague cyber professionals all year long. As we move into the new year, we want to look back at the trends that stood out to LookingGlass researchers, how they were different than the threats of years past, and which type of threats we can expect to see in 2020. Join LookingGlass’ Neera Desai, Threat Researcher, and Marc Larson, Senior Intelligence Analyst, at 2 pm on January 16th for our next webinar.
Attendees will be eligible for one hour of CPE credit.
James Carnall, Vice President of Customer Support Group, and Eric Olson, Vice President of Product Management
The modern workplace is infiltrated everyday -- bring your own device policies and increased vendor access have introduced a whole new layer of cyber risk to the office environment, whether it’s from malicious insider threat, or accidentally bringing an infected device into the corporate environment. As vendor and third party service provider lists grow longer, so too does the list of related breaches. Since no vendor or customer should be automatically trusted, Zero-Trust frameworks have become more prevalent. How can organizations best protect themselves and their borderless networks? Join LookingGlass’ VP of Product, Eric Olson, and VP of Customer Support Group, James Carnall for a webinar discussing Zero-Trust best practices and war stories at 1 pm ET October 31, 2019.
Attendees are eligible for one hour of CPE Credit.
Chris Dahlheimer, Product Owner, LookingGlass Cyber Solutions & Paul Roberts, Editor in Chief, The Security Ledger
Today, it is not enough to protect your assets by collecting high quality threat intelligence – organizations need inline detection and mitigation at line-speed to fully protect themselves from incoming or existing threats on the network. As cybersecurity strategy shifts towards a “Zero Trust” model, your organization needs to ensure that every device, user, workload, or system is being monitored, both within and without your network perimeter. Implementing this model with existing point solutions without creating security gaps is difficult – which is where the Cybersecurity Fabric comes in. With a Cybersecurity Fabric draped over your existing network architecture, each disparate piece of the security stack can now alert the others to defend and protect your organization.
Join LookingGlass Product Owner, Chris Dahlheimer, with Paul Roberts of Security Ledger as they discuss how weaving a strong Cybersecurity Fabric protects your organization by integrating the network protection your organization has already invested in.
LookingGlass’ Vice President of Customer Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper
As we move toward the halfway point in the year, it might be a good time to evaluate the effectiveness of your organization’s security posture. According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next?
CyberEdge surveyed 1,200 IT security professionals from 17 countries and 19 industries and learned:
-56% of organizations were compromised by ransomware
-45% of ransomware victims paid the ransom
-13% of a typical IT budget is spent on security
-84% of organizations are experiencing an IT security skills shortage
-Malware, ransomware, and spear-phishing cause the most headaches
Join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as:
-What are the weakest links in current security postures?
-What’s standing in the way of IT security professionals?
-What are the hottest security technologies for 2019?
All webinar registrants will receive a complimentary copy of CyberEdge’s 2019 Cyberthreat Defense Report. Register now!
Brandon Dobrec, LookingGlass Cyber Solutions and Paul Roberts, Security Ledger
Vendors, suppliers, and independent subsidiaries are gaining more and more access to your network and sensitive data because today’s business models include outsourcing of non-mission critical programs and tasks, which brings a whole new world of risk to your organization. These not so new cyber risks make traditional perimeter defense no longer enough. Companies need continuous visibility and monitoring of their external partners threat landscapes. Use a cyber situational awareness platform that provides you with a map of your cyber risks you can identify vulnerabilities before the adversary does.
In this webinar, LookingGlass Product Manager, Brandon Dobrec and Security Ledger Editor-in-Chief, Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, providing you with the right map to assess your external risk.
This webinar will answer:
- Why point-in-time scorecards are a necessary component of third party risk management, but are woefully inadequate for proactively defending against future attacks
- How a cyber situational platform delivers an outside-in view of your network, allowing you to see gaps in your network
- Tools, capabilities, features, and functionalities are needed to assess vendor risk – continuous monitoring, alerting, reporting, and dynamic collection & scoring, among others
- Common attack vectors, why these vectors remain open, and what attack vectors are emerging regularly
Cyber threats are becoming more frequent and more targeted. Bad actors are more adept at social engineering and investigating your network and infrastructure to understand your organization’s cyber strengths and weaknesses. Security teams need to focus on who or what will seek to exploit them and how they are likely to do so, instead of being hyper-focused on just the threat itself.
This webinar delves into how one of the world's top financial services firms developed and implemented a robust threat model capable of repelling the world's most sophisticated hackers and nation-state actors. Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.
In this webinar you will learn:
- Advantages of modeling adversaries to get ahead of threats to your IT environment
- Structuring threat models to account for a myriad of sophisticated cyber risks
- How to overcome hurdles in creating robust threat models that address real-world risks
- How ScoutThreat can help you build a proactive security posture
LookingGlass Senior Vice President of Product, Eric Olson, and Vice President of Customer Support, James Carnall
It’s 2018 and threat actors continue to leverage the same tactics – phishing, ransomware, botnets, etc. – against their targets. They’ve using the same techniques for years, yet it’s still working. Do we sound like a broken record yet?
With October being National Cyber Security Awareness Month, it’s an ideal time to re-evaluate the cyber threat landscape and your cybersecurity hygiene. Topics like fake news, privacy, and the Internet of Things are “hot” topics in mainstream culture, and you need to know their impacts on your organization.
Join LookingGlass’ Senior Vice President of Product, Eric Olson, and Vice President of Customer Support, James Carnall, in a lively discussion about the hottest cybersecurity topics and what your organization can do to protect itself against them. Wednesday, October 24 @ 2PM ET.
This webinar will also cover:
· Business Email Compromise (BEC)
· Single Sign-On and Password Managers
· Information Warfare
· Third Party Risk
Matt Bromiley SANS Instructor and Allan Thomson, LookingGlass Cyber Solutions CTO
It’s 2018 – why are we still manually blocking firewall ports, manually ingesting threat feeds, and manually implementing blocks from well-known, trusted sources? Automation and integration allows security professionals to keep up with the pace of today’s threat landscape. The two go hand in hand but are they right for every organization?
This webcast explores the pros and cons of automation and integration, focusing on what an organization needs to consider before implementing such an approach. Most important, the webcast and associated white paper will help answer these key questions:
What would it take to manually do what automation does?
How can I protect my assets?
How do I get actionable threat intelligence?
IDC Research Director Chris Kissel and LookingGlass Product Manager Brandon Dobrec
Traditional cybersecurity leads with a “block & tackle” strategy. But as threats become more complex, targeted, and sophisticated, security operations centers (SOC) require a better understanding of how threats beyond the perimeter interact with their network. Join IDC special guest, Research Director Chris Kissel and LookingGlass Product Manager Brandon Dobrec in a discussion on modern-day SOC needs for a threat platform that marries automated intelligence tradecraft with the human element.
Michael Suby, VP of Research at Frost & Sullivan, and James Carnall, VP of Customer Support Group at LookingGlass
In the highly dynamic online landscape of misinformation, fake news, gossip, and the trading of absconded data, organizations must expand their cybersecurity arsenals in protecting their brands, personnel, facilities, and sensitive information. They must take into account what exists outside the perimeter in the greater cyber ecosystem: the surface, dark, and deep web. Locating and assessing these threats, however, is a challenge for even experienced threat hunters. The tools and techniques are non-standard. You should ask yourself, “Is my security team ready to tackle what lies beyond the perimeter?” If not, let us shed light on this topic. Register for LookingGlass' "Threats Beyond the Perimeter" webinar on Tuesday, July 17 @ 2 pm ET to hear Michael Suby, VP of Research at Frost & Sullivan and James Carnall, VP of Customer Support Group at LookingGlass discuss how these scenarios may affect your brand, employees, and facilities.
Paul Roberts, Security Ledger & Brandon Dobrec, LookingGlass Cyber Solutions, & special guest Chris Roberts
Cyber threat intelligence – when properly gathered, refined, and applied – can help organizations identify business risks and target both protections and mitigations. But what distinguishes high-quality and actionable threat intelligence from low-quality security "noise"? How are cutting edge CISOs and IT security teams applying threat intelligence to respond to incidents and slam shut windows of compromise?
Find out in this webinar moderated by Paul Roberts, the Editor in Chief at The Security Ledger. Paul will be joined by LookingGlass’ Brandon Dobrec, and counter threat intelligence & vulnerability research expert Chris Roberts. Together they will review the value of threat intelligence to organizations, discuss how cutting edge firms are using threat intelligence to their advantage, and review how to orchestrate threat intelligence to automate mitigation and combat third party risk.
Olga Polishchuk, LookingGlass Sr. Director of Investigation, and Rob DuBois, Founder of Impact Actual
Hundreds of thousands of fans and their personal devices. Increased political tension. International boycotts. What is at stake at the 2018 FIFA World Cup? This webinar will examine the cyber and physical risks surrounding this year’s upcoming World Cup in Russia including the likelihood of a large-scale cyber attack and a simulation of how a possible attack might play out – how it could be launched and the steps to taken to ameliorate the effects.
Join LookingGlass’ Sr. Director of Investigation, Olga Polishchuk, and special guest speaker Rob DuBois of Impact Actual on Wednesday, June 6 @ 9am ET/ 2pm GMT as they explore elevated threats that may play out during one of the world’s largest and most treasured sporting events. Register now!
Vice President of Customer Support James Carnall and Vice President of Intelligence Operations Eric Olson
Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. As a mid-market financial organization, how do you fend off these attacks when you don’t have the budget for everything you need: data feeds, tools, analysis and mitigation?
The answer: “Threat Intelligence-as-a-service.” This, robust, cost-effective option, brings together dozens of structured threat intelligence feeds, online monitoring of social media and the dark web, and round-the-clock human review to give you vetted, relevant intelligence specific to your organization. Even better, there is no hardware or software to install, this is a completely managed service that can be up and running in hours or days. It finally puts “big bank” threat intelligence capabilities within the reach of smaller organizations.
Join LookingGlass’ Vice President of Customer Support James Carnall and Vice President of Intelligence Operations Eric Olson on Wednesday, March 21 @ 2pm ET as they discuss how threat intelligence can be affordable for mid-market organizations with LookingGlass’ Information Security-as-a-Service package, a new offering tailor made for your organization’s cybersecurity needs.
Allan Thomson, LookingGlass Cyber; Jason Keirstead, IBM Security Systems; Henry Peltokangas, Cisco Systems
Threats in today’s cyber landscape are becoming increasingly sophisticated. To successfully fend off attacks, organizations need security tools that work effectively and efficiently across vendors; however, it is not uncommon for one vendor’s products to not work with others, despite claiming support for standards. In this webinar, we will introduce some of the key challenges a heterogeneous integrated security environment must solve and how STIX/TAXII2 standards-based technologies support solving those challenges in a new and effective manner.
Olga Polishchuk, Senior Director of Investigation and Jonathan Tomek, Senior Director of Research
Our webinar with LookingGlass’ Senior Directors of Intelligence, Olga Polishchuk and Jonathan Tomek will explore how you and your security team can benefit from finished intelligence, including insights into key topics like policy, high-profile events, and threat trends. Whether you need to know more about international business law or want to a specific threat actor’s profile, having strategic intelligence at your fingertips can help keep your organization safe from cyber and physical threats.
“I have to prepare a report for our senior management, but don’t have the necessary intel.”
“We have an international event happening in our city. Having strategic intelligence will help our security team be prepared.”
“If my team had access to finished intelligence, they would be better able to predict lateral movements by adversaries.”
Join us on February 21 @ 2PM ET to learn how you can enable your security team to make better tactical and business decisions.
Eric Olson, VP of Intelligence Operations, and James Carnall, VP of Customer Support
2017 was filled with cybersecurity meltdowns. From WannaCry to BadRabbit, the cybersecurity landscape has only become more volatile. With cyber threats on the rise, is your organization’s security posture ready for 2018?
Join LookingGlass’ Vice President of Customer Support, James Carnall and Vice President of Intelligence Operations, Eric Olson as they take a closer look at 2017’s major cyber-related incidents and provide tips and recommendations on how your organization can prepare for 2018. Webinar attendees will learn:
· Major cybersecurity trends from the past year
· Cybersecurity tactics that worked – and didn’t work – in 2017
· How to take a proactive cybersecurity approach to fending off cyber threats
Security organizations face numerous challenges, from increasingly large volumes of data and lack of tools and trained staff, to validate intelligence to the inability to operationalize threat intelligence. What’s required is a solution that addresses their business needs at every stage of the business cycle.
In this webinar, Intellyx’s Principal Analyst Charles Araujo and LookingGlass’ Senior Vice President of Threat Intelligence Services Doug Dangremond will discuss the benefits of the threat intelligence-as-a-service (TIaaS) model and how it can strengthen and complement security postures of varying maturity levels, including:
- I just started my security program and have immediate needs that need to be dealt with right now
- I’ve grown my team but I need to take it to the next level
- I have a specific occurrence that needs to be dealt with
- I don’t have CapEx, and need to determine what to do in advance of building a team
Eric Olson, LookingGlass Vice President of Intelligence Operations and Nick Hayes, Forrester Senior Analyst – Security & Risk
By now, the majority of us have likely been inundated with stories about third party data breaches and how one vendor’s vulnerability can cost your organization millions. But how do you know if you’re doing enough to stop third party risk?
As we enter 2018, new U.S. and European cyber regulations are going into effect, and organizations can no longer check the box when it comes to their vendors’ cybersecurity. You are not only liable for knowing where you are most at-risk, but now you must also understand how that risk affects your organization and identify a solution for mitigating that risk.
This webinar features guest speaker Nick Hayes, Senior Analyst at Forrester and LookingGlass VP of Intelligence Operations Eric Olson. They will delve into the third party risk landscape: our current state of affairs, and where the industry is moving, as well as how you can take a different approach to third party risk prevention, including:
• How to see where your vendors are already compromised
• The importance of actionable intelligence for real-time mitigation
• Why a continuous monitoring solution is the future of third party risk
LookingGlass Cyber Solutions delivers comprehensive threat intelligence driven security through a scalable solution portfolio of machine readable threat intelligence (MRTI), threat intelligence management with 140+ data sources transformed into global Internet and threat intelligence, threat intelligence services, and network threat mitigation.
By addressing risks across structured Indicators of
Compromise (IoCs), unstructured
and open source data (OSINT), internal network telemetry, and network threat mitigation, customers gain unprecedented understanding into threats that may impact their business including cyber, physical assets, and third party partners.
Prioritized, relevant and timely insights enable customers to operationalize threat intelligence in an effective and efficient way throughout the threat lifecycle.