Saturday, October 18, 2014

Henrybasset weekly

I had the pleasure of attending the FS-ISAC conference this week, and of being the first speaker on the podium on Tuesday morning. The overarching theme was, as at many conferences this year, cyber threat intelligence. My talk offered a timeline analysis of the Russia | Ukraine conflict, and how the timeline tracked so nicely with the Ivanov Doctrine. Ivanov was the Russian Minister of Defense, who, after receiving a paper from Putin in 2003, radically changed the direction of the Russian military. It appears they've taken many lessons from the US. In fact, two researchers who detailed lessons learned from Desert Storm, Desert Fox, Yugoslavia, and Afghanistan spelled out those lessons quite nicely. And you know what? The playbook worked in Ukraine. And the story was well received at the ISAC, and again today by a new audience.

There were a couple of thoughts that I took away from the conference. First, one of the presenters made a comment that "you can't get all of the intelligence you need by yourself". The second was the idea that there are now verticals forming in the threat intelligence space. I forgot who said it, but verticals appear to be forming. There were several, but these were the ones I remembered without going back and consulting my notes:

  • Information Sharing
  • Content (Intelligence) providers
  • Threat information management companies

Interestingly enough, every time we go out and talk about Red Sky Alliance and Wapack Labs, we seem to run into the same couple of competitors, and so, the education begins. Today, the education started with a full-on, make-it-relevant threat presentation. Strategic intelligence boiled down into the stuff that's going to hurt you today, ending with a list of compromised accounts. Normally we include a few other relevant tidbits, but it's been such a busy week that I didn't have time to do the appropriate pre-work before going onsite. Nonetheless, they quickly understood the difference between a company that produces intelligence (Wapack Labs), delivering it in a crowdsourced collaboration (Red Sky). The idea that data can be boiled out of good analysis, provided with the context that the ISAC members now know as Intelligence, delivered in such a way that it can be brought into a management system and managed.

So, when someone says "you can't get everything you need by yourself", try asking someone in Red Sky. When you need information delivered that's both high confidence, human analyzed, and parsable by a management system, try a TIM. And if you don't have researchers that you feel could benefit from a crowdsourced analysis center (Red Sky); when you want a managed security service provider that uses our data, try one of the folks that use data from the portal to protect you. There are a couple of good ones I'd recommend. Call me and I'll introduce you. 

That's it for now. I'm going to keep it short. It's Friday night, and before I drive back to New England tomorrow I'm going to smoke a great cigar and have a martini... because this was a GREAT week.

So until next time,
Have a GREAT weekend!
Jeff