Future of Threat Intelligence
Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.
Episodes
3 hours ago
In our special episode of the Future of Threat Intelligence podcast, David welcomes Ryan Chapman, Threat Hunter & Author and Instructor at SANS Institute, and Matthew Winters, Lead Threat Hunter at T. Rowe Price, to break down Team Cymru's second annual Voice of a Threat Hunter report. Our two experts discuss the statistic that nearly 50% of organizations experienced a major security breach last year, emphasizing the critical role of threat hunting in enhancing incident response.
Ryan and Matt also touch on the importance of proactive detection in cybersecurity, the necessity of curiosity as a fundamental skill for threat hunters, and the challenges organizations face regarding visibility and tool availability.
Topics discussed:
Nearly 50% of organizations reported experiencing a major security breach in the past year, highlighting the urgency for improved security measures.
72% of breached organizations believe that threat hunting significantly enhanced their ability to respond to incidents effectively.
Proactive detection is becoming essential as organizations recognize the need to stay ahead of evolving cyber threats and attacks.
Curiosity is a key skill for threat hunters, enabling them to uncover hidden vulnerabilities and enhance overall security posture.
Many organizations struggle with visibility into their networks, which hampers effective threat hunting and incident response efforts.
The importance of leveraging existing tools and resources is emphasized to maximize threat hunting capabilities without requiring significant new investments.
Collaboration across security teams can enhance threat hunting efforts, leading to better detection, response, and overall cybersecurity resilience.
Key Takeaways:
Assess your organization's current security posture to identify potential vulnerabilities and areas needing improvement in threat detection and response.
Implement proactive threat hunting practices to stay ahead of evolving cyber threats and enhance incident response capabilities.
Foster a culture of curiosity within your security team to encourage exploration and investigation of anomalies in your network.
Leverage existing tools and resources effectively to maximize your threat hunting efforts without incurring significant additional costs.
Collaborate across different security teams to share insights and improve the overall effectiveness of threat detection and incident response.
Invest in training programs focused on threat hunting skills to empower your team with the knowledge needed to identify threats.
Document all threat hunting activities and findings to create a knowledge base that can inform future security strategies and decisions.
Establish clear KPIs to measure the effectiveness of your threat hunting initiatives and overall security posture.
Engage with external cybersecurity communities to share experiences, learn best practices, and stay updated on the latest threat intelligence.
Review and update your security tools regularly to ensure they are equipped to handle the latest threats and vulnerabilities.
7 days ago
In our latest episode of the Future of Threat Intelligence podcast, David speaks with Howard Holton, CTO of GigaOm. Howard shares his insights on the increasing vulnerability of small and medium-sized businesses to cyber threats because adversaries are targeting them due to their limited resources and maturity in cybersecurity practices.
Howard emphasizes the importance of understanding the business-like nature of cybercriminals and their strategies. He also explores the role of AI and large language models in enhancing threat intelligence, highlighting how these tools can help organizations prioritize their security efforts effectively.
Topics discussed:
The increasing trend of cybercriminals targeting small and medium-sized businesses due to their lack of resources and cybersecurity maturity.
Understanding how adversaries operate like businesses, seeking maximum profit by exploiting vulnerabilities in less fortified organizations.
Actionable cybersecurity measures that organizations can implement immediately to reduce risks and enhance their defenses.
The role of AI and large language models in improving threat intelligence and making security tools more intuitive for users.
The challenges of transitioning from a technical role to an executive position and the skills needed for effective leadership in cybersecurity.
The significance of communication and awareness within organizations to ensure that executive teams understand cybersecurity risks and resource needs.
Strategies for mitigating the impact of cyber attacks, focusing on prioritizing efforts based on potential threats and vulnerabilities.
The evolving landscape of cyber threats and how organizations can stay informed and adapt to new challenges in real-time.
The necessity of governance in implementing AI and LLMs to ensure that sensitive information is handled appropriately within organizations.
The ongoing need for continuous improvement in cybersecurity practices, as threats are constantly evolving and new vulnerabilities emerge.
Key Takeaways:
Assess your organization's cybersecurity maturity to identify vulnerabilities and prioritize areas for improvement, especially if you are a small or medium-sized business.
Implement immediate cybersecurity measures to reduce the likelihood of a compromise, focusing on actionable steps that can be completed within hours or days.
Leverage AI and large language models to enhance threat intelligence, making it easier to analyze data and respond to potential threats effectively.
Communicate regularly with your executive team about cybersecurity risks and resource needs to ensure they are informed and can provide necessary support.
Establish a governance framework for AI and LLMs to manage sensitive information and ensure compliance with organizational policies.
Educate your team on the business-like nature of cybercriminals, helping them understand how attackers target organizations based on perceived weaknesses.
Prioritize cybersecurity training for employees to foster a culture of awareness and preparedness against potential cyber threats.
Monitor emerging cyber threats continuously to stay informed about new tactics and vulnerabilities that could impact your organization.
Document all cybersecurity policies and procedures clearly, ensuring that employees understand their roles and responsibilities in maintaining security.
Review and update your incident response plan regularly to reflect changes in the threat landscape and ensure your organization is prepared for potential attacks.
Wednesday Dec 04, 2024
In our latest episode of the Future of Threat Intelligence podcast, David sits down with Ryan Link, Principal of Threat Detection and Response at CDW. Ryan shares his decade-long journey in cybersecurity, emphasizing the importance of thinking like an attacker to enhance threat detection capabilities.
He discusses the critical role of continuous training for security teams and the integration of AI in reducing detection fatigue. Additionally, Ryan highlights the necessity of cloud training to future-proof cybersecurity teams in an increasingly digital landscape. Tune in for valuable insights on building a resilient and adaptive security strategy!
Topics discussed:
The importance of thinking like an attacker to identify potential risks and improve overall security posture.
The critical role of continuous training for cybersecurity professionals to keep skills sharp and stay updated on threats.
The integration of AI in threat detection, focusing on reducing noise and enhancing efficiency in security operations.
The need for collaboration between blue and red teams to improve detection capabilities and incident response processes.
The value of cloud training as essential for future-proofing cybersecurity teams in an increasingly cloud-centric digital environment.
Why organizations should assess their maturity level before leveraging threat intelligence, ensuring it aligns with their capabilities and resources.
Key Takeaways:
Assess your cybersecurity maturity level to determine the appropriate use of threat intelligence and avoid overspending on unnecessary tools.
Implement continuous training programs for your security team to keep skills sharp and ensure they stay updated on evolving threats.
Encourage team members to think like attackers to better identify vulnerabilities and enhance your organization’s overall security posture.
Integrate AI technologies into your threat detection processes to reduce noise and improve the efficiency of security operations.
Foster collaboration between blue and red teams to enhance detection capabilities and ensure effective incident response strategies.
Prioritize cloud training for your team to understand the complexities of cloud environments and secure data effectively.
Develop custom detection capabilities by leveraging threat intelligence to create tailored responses to specific threats your organization may face.
Document processes and procedures regularly to maintain clarity and support onboarding of new team members effectively.
Utilize automated testing environments to streamline the threat detection lifecycle and improve the accuracy of your security tools.
Take regular breaks to prevent burnout among your security team, ensuring they remain mentally sharp and effective in their roles.
Thursday Nov 21, 2024
In our latest episode of the Future of Threat Intelligence, David speaks with Deb Radcliff, Cybersecurity Analyst, Journalist, & Author of the Breaking Backbones hacker trilogy, who shares her unique journey from investigative journalism to writing her books. She discusses the importance of understanding hacker culture and the human side of cybercrime, emphasizing that many hackers are driven by curiosity rather than malice.
Deb also explores the ethical implications of artificial intelligence and the challenges of maintaining privacy in an increasingly tech-driven world. With insights drawn from her experiences and fiction, Deb offers a thought-provoking perspective on the future of cybersecurity and the role of storytelling in shaping our understanding of it.
Topics discussed:
How the Breaking Backbones trilogy humanizes hackers, portraying them as complex individuals rather than mere criminals in a tech landscape.
Deb emphasizes the importance of understanding social engineering and its role in both hacking and cybersecurity defenses.
The ethical implications of artificial intelligence are discussed, highlighting potential risks and responsibilities in its development and use.
Privacy and autonomy are critical themes, with Deb advocating for individual rights in an increasingly monitored and tech-driven society.
Deb reflects on her early experiences with hackers, illustrating the wild west nature of the cybersecurity landscape in the 1990s.
The conversation emphasizes the need for collaboration between tech experts and creatives to address cybersecurity challenges effectively.
Key Takeaways:
Explore the hacker culture to gain insights into motivations and behaviors that can inform better cybersecurity practices.
Advocate for ethical AI development by engaging in discussions about its implications on privacy and security in society.
Educate yourself and others about social engineering tactics to enhance awareness and improve defenses against cyber threats.
Promote privacy rights by supporting initiatives that protect individual autonomy in an increasingly digital and monitored world.
Collaborate with creatives and tech experts to develop innovative solutions that address the challenges of cybersecurity.
Participate in cybersecurity training programs to improve your understanding of current threats and effective response strategies.
Engage in conversations about the ethical use of technology to foster a culture of responsibility among developers and users.
Utilize storytelling techniques to communicate complex cybersecurity concepts, making them more relatable and understandable for broader audiences.
Stay informed about emerging technologies and their potential impacts on security to proactively adapt your strategies and practices.
Friday Nov 15, 2024
In our latest episode of the Future of Threat Intelligence podcast, David chats with Ryan Chapman, Threat Hunter, Author & Instructor at SANS Institute. They explore the alarming evolution of ransomware tactics, including the rise of multi-extortion strategies where attackers not only encrypt data but also threaten to leak sensitive information.
Ryan emphasizes the critical mistakes organizations make, such as failing to implement basic security practices and allowing administrative privileges for general users. He also discusses the importance of leveraging internal data for effective threat hunting. Tune in to gain insights on strengthening your organization's defenses against ransomware attacks!
Topics discussed:
The evolution of ransomware tactics, highlighting the shift from simple encryption to sophisticated human-operated attacks.
The rise of multi-extortion strategies, where attackers threaten to leak sensitive data in addition to encrypting it.
Why organizations often fail to implement basic security practices, leading to increased vulnerability to ransomware attacks.
The importance of restricting administrative privileges for general users to enhance overall security posture.
The value of better visibility through proper logging and monitoring to detect and respond to threats effectively.
Leveraging internal data as intelligence is crucial for effective threat hunting and identifying potential vulnerabilities within the organization.
The significance of ongoing education and training in cybersecurity to keep defenses robust against evolving threats.
Key Takeaways:
Implement basic security practices, such as restricting administrative privileges for general users, to reduce the risk of ransomware attacks.
Conduct regular audits of Active Directory permissions to ensure proper access controls and minimize potential vulnerabilities.
Utilize full tunnel VPNs for remote users to secure all traffic and enhance protection against external threats.
Enable comprehensive logging on hosts, including PowerShell and Active Directory events, to improve visibility and incident response capabilities.
Leverage internal data as intelligence by analyzing alerts and indicators of compromise (IOCs) to identify potential threats.
Educate employees on recognizing phishing attempts and other social engineering tactics to prevent initial access for attackers.
Collaborate with threat hunting teams to share insights and findings, fostering a proactive approach to cybersecurity.
Monitor for unusual service names or processes that appear on fewer devices to identify potential threats in your environment.
Document all findings during threat hunting sessions, regardless of whether a threat is identified, to build organizational knowledge.
Stay updated on the latest ransomware tactics and trends to adapt your security strategies and defenses accordingly.
Friday Nov 08, 2024
In our latest episode of the Future of Threat Intelligence podcast, David speaks with Matthew Winters, Lead Threat Hunter at T. Rowe Price. Matthew shares his unconventional journey into cybersecurity, highlighting the importance of soft skills and creativity in threat hunting that he has picked up along the way.
He explains that threat hunting is akin to applying the scientific method to networks, starting with hypotheses rather than alerts. Matthew and David also explore the critical role of threat intelligence in shaping effective hunting strategies and the essential skills needed to build a successful threat hunting team. Tune in for valuable insights on enhancing your cybersecurity posture!
Topics discussed:
Threat hunting as applying the scientific method, starting with hypotheses instead of relying solely on alerts.
The importance of threat intelligence as a foundational element for effective threat hunting and proactive defense strategies.
Key skills for threat hunters include technical knowledge, creativity, and the ability to reassess and redefine problem statements.
A hybrid approach to data analysis is recommended, utilizing both network and endpoint data for comprehensive threat visibility.
The challenges of measuring threat hunting effectiveness, and suggestions for metrics like defenses created and impact on adversaries.
Key Takeaways:
Explore veteran programs to facilitate career transitions into cybersecurity, leveraging the unique skills and experiences of military personnel.
Adopt the scientific method in threat hunting by formulating hypotheses before analyzing data, ensuring a structured approach to investigations.
Utilize threat intelligence to inform your threat hunting strategies, focusing on real-world adversary behaviors and techniques relevant to your organization.
Encourage creativity within your team by identifying individuals with a "MacGyver Drive" who can think outside the box to solve complex problems.
Implement a hybrid data analysis approach by integrating both network and endpoint data to gain comprehensive visibility into potential threats.
Define clear boundaries between threat hunting, incident response, and red teaming to maintain focus and effectiveness in each discipline.
Measure the effectiveness of your threat hunting program by tracking metrics such as defenses created and the impact on adversaries.
Foster a culture of continuous learning within your threat hunting team to enhance skills and adapt to evolving cybersecurity challenges.
Leverage tools like graph databases to analyze relationships between threats and improve the precision of your hunting efforts.
Challenge your team to reassess problem statements regularly, ensuring they are asking the right questions to drive effective threat hunting.
Thursday Oct 31, 2024
In our latest episode of the Future of Threat Intelligence podcast, David speaks with Gregory Van den Top, AI Practice Leader for Europe at Marsh. They explore the critical importance of understanding cyber risk as an integral part of business strategy, rather than a technical afterthought.
Gregory emphasizes the need for organizations to conduct thorough risk assessments and quantify potential impacts, particularly in light of the growing threat of ransomware. He also highlights the significance of fostering a strong link between cybersecurity and executive leadership to enhance organizational resilience. Tune in for actionable insights to strengthen your cyber risk management approach!
Topics discussed:
Why cyber risk should be integrated into overall business strategy, not treated as a separate technical issue.
How conducting thorough risk assessments helps organizations understand their current cyber risk landscape and potential vulnerabilities.
How quantifying cyber risk is essential for informed decision-making and aligning with organizational goals, particularly for financial stakeholders.
Why ransomware poses a significant threat, requiring organizations to prioritize awareness, preparedness, and proactive incident response measures.
How building resilience in cybersecurity involves not just response plans but also protective measures to prevent incidents from occurring.
How establishing clear roles and responsibilities, including board-level oversight, enhances the management of cyber risk across the organization.
Why cybersecurity education for non-technical stakeholders is crucial for fostering a comprehensive understanding of risks and promoting informed discussions.
Key Takeaways:
Integrate cyber risk assessments into your overall business strategy to ensure a holistic approach to risk management.
Quantify cyber risks to provide tangible insights for decision-makers, particularly for CFOs and other financial stakeholders.
Prioritize awareness and preparedness for ransomware threats by implementing proactive incident response plans and training programs.
Establish clear roles and responsibilities for cybersecurity within your organization, including board-level oversight for better risk management.
Foster a culture of cybersecurity education among all employees to enhance understanding and promote informed discussions about risks.
Develop a robust incident response plan that includes forensics, legal advice, and communication strategies to mitigate the impact of breaches.
Engage in regular tabletop exercises using AI tools to simulate cyber incidents and improve your organization’s resilience and response capabilities.
Collaborate with cybersecurity experts to stay updated on emerging threats and best practices for managing cyber risk.
Review and update your cybersecurity policies and practices regularly to adapt to the evolving threat landscape and organizational changes.
Thursday Oct 24, 2024
In our latest episode of the Future of Threat Intelligence podcast, David Bianco, Staff Security Strategist at Splunk, shares his insights on the evolving landscape of threat hunting. He introduces the PEAK threat hunting framework, emphasizing its role in enhancing security measures.
David also discusses the critical differences between threat hunting and red teaming, highlighting how both approaches can complement each other. He also dives into the essential skills needed for building an effective threat hunting team and offers actionable advice on measuring the success of threat hunting programs.
Topics discussed:
The PEAK threat hunting framework, designed to enhance proactive cybersecurity measures and improve threat detection capabilities.
The distinction between threat hunting and red teaming and their complementary roles in strengthening security defenses.
Hypothesis-based threat hunting and the importance of formulating and testing hypotheses to identify potential threats.
Baseline threat hunting as a method to understand normal activity, aiding in the detection of anomalies.
Key skills for an effective threat hunting team, including knowledge of threat actors, technology stacks, and data analytics expertise.
How metrics for measuring threat hunting success are essential for demonstrating impact and driving continuous improvement in security programs.
Key Takeaways:
Adopt the PEAK threat hunting framework to structure your threat hunting initiatives and enhance your cybersecurity posture effectively.
Differentiate between threat hunting and red teaming to understand their unique roles and how they can complement each other in security.
Formulate clear hypotheses for threat hunting activities to guide your investigations and improve the chances of identifying real threats.
Conduct baseline threat hunting to establish normal activity patterns, making it easier to detect anomalies and suspicious behavior.
Build a diverse threat hunting team by incorporating members with expertise in threat intelligence, data analytics, and incident response.
Implement actionable metrics to measure the success of your threat hunting program and demonstrate its impact on overall security.
Start small with your threat hunting efforts, focusing on manageable projects that can scale as you gain experience and success.
Encourage collaboration between threat hunters and other security teams to share knowledge and improve overall detection capabilities.
Continuously educate your team on the evolving threat landscape to stay ahead of potential risks and enhance threat hunting effectiveness.
Utilize existing data analytics tools to analyze collected data during threat hunting, enabling informed conclusions about threat actor activities.
Thursday Oct 17, 2024
In our latest episode of the Future of Threat Intelligence podcast, David speaks with Eric Hanselman, Chief Analyst at S&P Global, about the critical role of threat intelligence in today’s cybersecurity landscape. Eric emphasizes the need for organizations to integrate threat intelligence operationally, moving beyond mere threat feeds to develop comprehensive threat models.
He discusses the importance of maintaining operational hygiene, building a peer ecosystem for information sharing, and aligning security strategies with overall business objectives. Eric also offers valuable insights on navigating the complexities of cybersecurity and the future of threat intelligence.
Topics discussed:
Insights on the evolving role of threat intelligence in modern cybersecurity strategies and operations.
How organizations must integrate threat intelligence operationally to effectively manage risks and inform day-to-day security decisions.
Why simply having a threat feed is insufficient; understanding and updating threat models is crucial for effective risk management.
How operational hygiene, including good backups and data protection, is essential for defending against ransomware and other cyber threats.
How building a community for information sharing enhances collaboration and provides valuable reality checks among cybersecurity professionals.
Aligning security strategies with business objectives ensures that security measures support overall organizational goals and operations.
Looking ahead and maintaining a forward-thinking perspective is vital for anticipating future cybersecurity challenges and opportunities.
Key Takeaways:
Integrate threat intelligence into daily operations to enhance your organization’s ability to respond to emerging cybersecurity threats.
Develop comprehensive threat models that are regularly updated to reflect the evolving risk landscape and inform strategic decisions.
Prioritize operational hygiene by ensuring robust data protection measures and effective backup systems to mitigate ransomware risks.
Build a network of cybersecurity peers for information sharing to gain insights and reality checks on current security practices.
Align your security strategies with business objectives to ensure that cybersecurity efforts support overall organizational goals and operations.
Stay informed about emerging technologies, such as GenAI, and assess their potential impact on your security posture.
Engage in end-user research to understand the pain points of security teams and develop solutions that address their challenges.
Look beyond immediate threats and focus on long-term strategic planning to anticipate future cybersecurity challenges.
Foster a culture of collaboration within your organization to enhance communication between security teams and other business units.
Regularly evaluate and refine your security practices to ensure they remain effective in the face of evolving threats and technologies.
Thursday Oct 10, 2024
In our latest episode of the Future of Threat Intelligence podcast, host David Monnier welcomes David Ortiz, Global CISO at Church & Dwight. David shares insights from his extensive career in information technology and cybersecurity, emphasizing the importance of understanding the evolving threat landscape.
David touches on the critical role of threat intelligence in decision-making, the challenges posed by sophisticated phishing techniques and deepfakes, and the necessity of integrating cybersecurity into business strategy. He also highlights the significance of collaboration across various teams and the responsible use of AI in enhancing security measures for organizations.
Topics discussed:
The importance of understanding the evolving threat landscape for effective cybersecurity management in organizations.
How threat intelligence plays a crucial role in identifying and mitigating risks, helping CISOs make informed decisions.
How advanced email gateways and spam filters need to evolve to combat increasingly sophisticated phishing attacks and deepfake technologies.
Why integrating cybersecurity into overall business strategy is essential for achieving security by design and enhancing data privacy measures.
How collaboration with diverse partners, including legal teams and law enforcement, strengthens cybersecurity resilience and response capabilities.
The importance of comprehensive cybersecurity awareness training to empower employees in recognizing and responding to potential threats.
The responsible use of AI tools is vital for enhancing security measures while maintaining data privacy and compliance standards.
Key Takeaways:
Assess your organization's attack surface to identify vulnerabilities and prioritize protecting critical assets effectively.
Implement a robust threat intelligence program to enhance decision-making and stay informed about emerging cybersecurity threats.
Upgrade email gateways and spam filters to counteract sophisticated phishing attacks and improve overall email security.
Integrate cybersecurity practices into your business strategy to ensure security by design and enhance data privacy initiatives.
Collaborate with various stakeholders, including legal teams and law enforcement, to strengthen your cybersecurity posture and incident response.
Conduct regular cybersecurity awareness training for employees to empower them in recognizing and responding to potential threats.
Monitor the responsible use of AI tools within your organization to balance innovation with data privacy and security compliance.
Engage with third-party vendors to assess their security practices and manage supply chain risks effectively.
Foster a culture of accountability and ownership among team members to ensure everyone understands their role in reducing cyber risk.
Seek mentorship from experienced professionals in both cybersecurity and business to develop a well-rounded skill set for leadership roles.