Without threat intelligence ‘you’re just throwing darts at a board,’ Cdn IT pros told

A threat intelligence system is essential for organizations to have today to meet the challenge of sophisticated attackers, a security conference audience of Canadian infosec pros has been told.

“Without the intelligence-led program you’re just throwing darts at the board, things change so fast,” George Rettas, managing director U.S. financial giant Citigroup’s global information security told a panel at the SC Congress conference in Toronto on Wednesday.

And, he added, it doesn’t necessarily mean a large staff. When he ran the intelligence team at JP Morgan Chase, the four-person squad detected the 2013 Target stores breach.

“You don’t need 1,000 people to get the job done,” he said. “You need the right people in the right place.”

On the other hand, it wasn’t merely IT systems that discovered the breach. It took “someone out in the field garnering human intelligence for a very long time for us to make a phone call to put that person in motion where he could be in a position to gather intelligence,” he admitted. “But it took months and months for us to get that person there.”

In other words, threat intelligence means sometimes using snoops. Still, his point is that it takes a lot to assemble meaningful intelligence.

“It’s not going on the Internet and getting a whole bunch of articles and blasting out an email that no one reads. A lot goes into how to enrich and enhance that information to make it knowledge, to make it actionable and to make it timely — it has to be timely, because if its too late it doesn’t matter.”

Not only can a small team be effective, he added, an organization doesn’t have to be the size of bank to have one.

“There’s lot of low-lying fruit — are you using all the data your company has? Are you using fraud to protect the network, using the network to prevent AML (anti-money laundering), are you correlating the data in a way that makes sense?”

He recommends CSOs assess of all the analytical tools the already has that can be leveraged as well as human resources to figure out what gaps there are. Then see if there are threat intelligence tools that can be developed internally or purchased that can fill those gaps.

Building a threat intelligence capability means figuring out who the organization’s main threat actors are, Rettas and panellist Neil Correa, a senior security consultant with KPMG Canada, agreed.

Correa noted that threat intelligence is “proactive incident response” – the CISO knows what to look for before an incident. It’s also not vulnerability where you know there’s a hole, he added but more granular: “You know there is a hole that is being exploited, by how, what exploits are being used and how you can respond to it.”

A threat intelligence capability doesn’t mean an organization will eliminate breaches, he added, but it will reduce the impact.

“Think about operational excellence (in assembling a threat intelligence capability), think about quality control, quality assurance, making sure you have good data in so you have good data out,” said Rettas.

“Think about process re-engineering, a constant problem-solving process that is used every day, think about people with real business and operational skills — not just the people that are able to gather intelligence. There are a whole bunch of attributes that go into an intelligence team.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now