Operatively-sourced threat intelligence: Using human awareness

In this podcast recorded at RSA Conference 2017, Mike Kirschner, Senior Vice President of Sales and Marketing, Advanced Threat Intelligence at InfoArmor, talks about the platforms that they’ve developed and the data sets that they have – everything from risk to network, to advanced intelligence type services. InfoArmor can offer advanced service features and service sets in order to enable clients to take advantage of true access to both the dark web, as well as extending the reach of their security teams.

Here’s a transcript of the podcast for your convenience.

My name is Mike Kirschner. I’m the Senior Vice President of Sales & Marketing for InfoArmor, for our Advanced Threat Intelligence division.

We’re talking a little bit today about our Accomplice and VigilanteATI portals in the platforms that we have developed for delivering threat intelligence to the market in general.

Fundamentally, the platforms themselves have really been designed to be able to ingest both a wide array of data services or data products, as well as threat intelligence services. So the context associated with that data then becomes a very rich component, rich feature of the product itself.

InfoArmor has been around for the last ten years or so. We started as a threat intelligence provider of identity protection services, and have rapidly moved into an enterprise-based cyber intelligence posture, and have really been able then to aggregate lots of data that would be enabled to the enterprise, which we deliver through these platforms.

With the breadth of breaches that we’ve seen over the last year to two years, and the escalation of breached information that we’ve seen out in the dark web, in the wild, there are a variety of use cases that make it meaningful for organizations to be able to have access to that type of data.

The information that we can deliver really spans from identification of network exposure, vulnerability exposure, through individual credentials that have been exposed, email addresses and passwords that could then unlock the kingdom for anybody to gain access to that corporation’s potential intellectual property, directories, whatever the case may be.

The passwords then, that we are providing, can come in a variety of forms, whether they’re plain text or hashed. The services that InfoArmor enables really allow a client to view that data in its raw form, as well as in a cracked form or in a form that would enable them to understand whether or not there is potential risk to the organization. As a result, then those organizations can take appropriate measures to preempt potential breaches, potential issues that may come up.

What we tend to offer, though, as really a differentiating component to the threat intelligence landscape or platforms that we’re enabling is, really, that context. So, the core differentiator for InfoArmor really is our Advanced Threat Intelligence team. We’ve got an organization of researchers and analysts that are providing operatively sourced intelligence; they are engaging in that threat actor community, delivering information that is meaningful for clients from the perspective of really dark web level type sources and engagement. The content that we are enabling in this sort of environment spans both data, as well as human involvement, human intelligence, and that’s the contextual piece that we are providing, which we then wrap into this idea of threat intelligence.

The threat intelligence landscape, though, over the last several years certainly has changed dramatically. What we are really seeing is a divergence in the shape of information that’s being delivered to clients in wide volume, which we will call ‘threat information’ or ‘threat data’ versus true threat intelligence. Threat intelligence, really, is going to be consumable, actionable, information that can be leveraged by the organization in a preemptive way or in a way that’s going to be meaningful for them based on the specific threats that they are facing today.

There are so many providers as you walk the floor today that are providing data feeds ad nauseam, which many organizations simply can’t consume or take advantage of. So the idea behind what InfoArmor is delivering today, and the way that we’re making that truly threat intelligence is by wrapping this contextual human awareness around what those threats are in ways that organizations can then take advantage of that information, and deliver that in a way, again, that’s consumable and actionable by the organization.

The primary advantage that we see in this is that based on the platform that we have, it’s scalable from a very small organization to a very large organization. So we’ve got clients that are in that SMB/SME space that have tens or hundreds of employees all the way up to Fortune 500 clients that have tens of thousands of employees, and large scale operations, and enormous security teams that actually have the ability to take this data in and consume it.

InfoArmor’s primary deliverable not only is data that we will harvest both automated and through our operative team, but then enabling ourselves to really act as an extension of that security team. In the case of a small business, we can actually take on the process or the role of the security team for them, almost operating as an MSP. With a larger organization, we get very much into bespoke investigations on their behalf, assessments of data sets, evaluating different components that would be meaningful for that organization. And in many cases, their teams just don’t either have the bandwidth to be able to do that or the skillset to be able to do that. In those types of cases or instances, that’s really where InfoArmor’s team shines in terms of its ability to deliver true intelligence in a meaningful way rather than just data.

RSA Conference 2017