Threat Management: Detection, Identification, & Incident Response

Popular phone app Waze provides alerts on threats like potholes, accidents, and even police. Information security could really use a Waze-like application to see the threats down the road. Maybe one exists that a peer is using. Come and find out what other members are doing for threat detection.

For the longest time, security programs focused on closing vulnerabilities only. Little was known about the threat. That is an inefficient way to defend our enterprises. Knowing more about the threat, combined with vulnerability data, helps us focus on the right security defenses.

Successful information security programs are adopting military-like tactics largely because the attackers are waging cyber-warfare. As with any military operation, knowledge of your attacker’s plans and tactics is key to preparedness and effective defense. Incorporating threat intelligence into your security program operations is no longer a luxury but essential.

Technology advancements have made it possible to incorporate cyber threat intelligence into many of our security solutions. In some cases, this intelligence permits automated response. There are many vendors with teams of threat analysts that scour the dark web to find and warn of impending threats. Using that threat data is key to responding faster and more effectively.

Our attackers continue to mature tactics and tools. When they are state-sponsored, they have nearly unlimited resources. We need our own intelligence agency to help stay in front of these threats. What resources are available to help US corporations keep abreast of the threat landscape?

Likely areas of exploration include:

  • Threat intelligence sources and incorporation into threat management
  • Threat prevention vs. detection: what is the right mix?
  • Threat simulation tools and controls testing
  • Using threat modeling to define risk profiles for systems, data, and applications
  • Where threat detection is best implemented - endpoint, IoT devices, network perimeter, server, application, third parties, etc.
  • Vulnerability management: how do we eliminate the vulnerabilities that become our exploitable threats?
  • The value of incorporating threat intelligence into your security operations
  • Using risk modeling to define risk profiles for systems, data, and applications
  • Role of deception and honeypot solutions in finding the real sources of threat
  • New penetration testing models including crowdsourced

Sponsored by IBM, CyberArk, Okta