Over the past 18 months, I’ve had the pleasure of working on a platform that gives companies access to Threat Intelligence in a way they’ve never had before. Instead of using a tool like Soltra Edge just to download intelligence, customers can now use the Perch solution to also detect and triage any alerts that come from their intelligence communities. Intelligence communities appear in many different forms, from the ‘informal’ e-mail or IRC channel groups that you’ll never know about, to the highly formal ISACs (Information Sharing and Analysis Centers) that are mandated by the US federal government. I’ve written previously about community threat intelligence.
Cybersecurity: The Value of Community Threat Data
Tackling Expensive and Complicated Information Security
Yet I haven’t touched on a topic that plagues a lot of companies and industries.
What if their industry doesn’t have a sharing center?
What if the companies don’t know about their industry sharing center?
What if the company doesn’t know how to use the intel?
Worst of all, what if the community doesn’t have any intel!?!?!
To help work through some thoughts here, I wanted to invite my first ever guest writer on my blog: Curtis Davis. I first met Curtis when he was investigating the Perch security solution. Over time, we got to work together, including co-presenting a talk on Security Automation and Detection at the LegalSec2017 conference. I found it fitting to continue our co-creation of (hopefully) thought-provoking content around cybersecurity, with a topic related to this question.
(Logistics: Chris is on the left; Curtis is on the right, in italics.)
Where’s my industry’s threat intel?
This is the second video in my ‘Threat Hunting: With open source software’ series. You can find the first video here: Threat Hunting: The Network and PCAP
This video dives a bit deeper into monitoring networks. First, we’ll go over how to monitor a modern network, along with some tips and tricks to help avoid gotchas.
For instance, ever wonder why you can’t see other computers’ traffic on your network switch? Yeah, we talk about that!
We eventually work our way towards using tcpdump. We’ll monitor live traffic and then store it to disk. Lots of content in here, so let’s get started!
Short post today, but I’m SUPER excited: I have TWO CISOs lined up to start the podcast series!
Lots of you will know who they are, and you’ll be hearing from them REALLY soon.
We’ll be talking about technology. Not the super theoretical definitions that CISOs already know, but real tactics on how to leverage technology to keep your organizations safe.
What would you ask an industry famous CISO?
Over the next while, I’m planning on putting together some interviews in podcast format between me and some security folks that I know. I also hope to meet some new ones in the process!
There are tons of security podcasts and interviews with security folks. Most seem to be covering current events, outages, new threats, etc.
My goal is to focus on the technology we use in the security landscape to fix things, but also to talk about some best practices when it comes to creating new tools and applications.
Know anyone I should talk to?
Some potential job titles:
Send them my way!
[[[ at ]]]]
((((( dot )))))