Machine Learning and Natural Language Processing
I tend to spend a solid hour to hour and a half of my day getting a recap of the cyber events that occurred in the world the prior day from various feed sources. The feeds range from written reports produced by security-focused companies, to mainstream media, to the Twitter feeds of noted malware and cybersecurity professionals, to podcasts from trusted and recommended sources. By ingesting these streams of data on a consistent and regular basis, I am able to develop threat intelligence that helps me understand the current cyber battlespace: who the current threat actors are, what the motives behind the current operations are, how the threats are being implemented from a technical perspective, how these threats affect the operational and strategic posture of clients and customers, and what the recommended courses of action are for mitigating the risks so as not to become susceptible to exploitation. I base all of my decisions on technology integration in my personal and professional life on this constant iterative cycle I engage in daily.
Given my past background working with multiple Service and Department of Defense agencies, this is pretty natural for me. I am used to dealing with organizations where intelligence across the entire threat spectrum is critical for commanders and senior leadership to make informed decisions about what requires focus and attention in the current environment. The value of intelligence within the military goes back well over a millennium, and its importance within the overall military hierarchy can still be seen today in the Continental Staff System used by NATO countries. In that structure, intelligence is placed after the administrative staff and before the operations staff, denoting its level of importance in a military tradition dating back to Napoleon's Grande Armée.
Yet while governments and their militaries have come to recognize how important intelligence is to their success, it is rare and uncommon to find this recognition in commercial business settings. Even where you do find units within businesses labeled as threat intelligence units, they are generally composed of technical individuals who are not intelligence practitioners and who do not understand the intelligence cycle, especially in matters related to planning and direction. What generally happens, in my experience, is that teams implement haphazard actions to mitigate risks that are not well understood by senior management and that lack proper planning and direction with respect to the business. As Anton Chuvakin has put it, what passes for threat intelligence in most businesses is akin to grabbing an AK-47 and firing blindly at any target that moves.
Going back for a minute to my friend and his quest to integrate tech into his home environment, my discussion with him about the current landscape of threats to IoT devices was not meant to scare him. Rather, my intent was to inform him, from a threat intelligence perspective, that there are threats targeting IoT devices just as there are for desktops, laptops, smartphones, and tablets. These devices too need to be secured on the home network and updated regularly, but because of their nature they also need to be replaced regularly as companies move on to the next new device to bring to market. Looked at from a threat intelligence perspective, this means my intelligence analysis cycle remains the same, but the time component becomes shorter due to the disposable nature of these devices.
Knowing how to incorporate threat intelligence into your business environment is both a technical process and a cultural mind shift. At the highest level, though, it requires that senior leadership understand the value of threat intelligence to the organization from a qualitative perspective rather than a quantitative one.
Much like R&D efforts, threat intelligence does not always yield immediate results to bottom lines.
Yet its value in shaping and guiding business decisions going forward can mean the difference between recognizing and mitigating the risks posed by threats and becoming the next lead story about a data breach in the media.
In a future post I plan to go into detail on the overall intelligence cycle as described in Joint Publication (JP) 2-0: Joint Intelligence, dated 23 October 2013, its lessons learned from over a century of US military engagement, and how it can be adapted for commercial business. As always, if you have questions regarding cyber security and threat intelligence, feel free to reach out.