June 20, 2015
In this presentation on June 20th, 2015 The Rubicon Advisory Group founder, Edward McCabe, speaks at BSides in Cleveland, Ohio on the topic of Building a Threat Intelligence Program and its importance to an organization.
Threat Intelligence Management gives an organization the ability to get in front of malware distribution, bulk spammers, reconnaissance scanners, known C2/CnC systems, phishing campaigns, botnets or country of origin. Through Threat Intelligence Management an organization can defend the business, prioritize resources, make well informed decisions and reduce the impact to the business.
Building a Threat Intelligence Program starts with choosing a field of battle, which includes critical consideration regarding configuration management, asset management and change management. For example, using a honey pot will help an organization understand the origin of an attack, if they are automated or targeted attacks, the progression of attacks and what the bad actors are trying to accomplish.
What is Threat Intelligence Management? At its core, Threat Intelligence Management is a business management function with the specific goal of producing actionable information, in the effort of providing leadership with the ability to make the most well informed decisions.
Threat Intelligence gathering creates business value by leveraging actionable threat intel to prevent larger impacts to the organization, giving organizations a plan to proactively defend themselves and changing the way organizations operate and view adversaries.