Episode 09: How to Keep Up With Information Overload and Other FAQs | Doctor’s Hours

March 24, 2022

We live in the information age or, as some might say, information overload age, and that’s definitely not going to change anytime soon.

But how much information is too much? Can we collaborate without disclosing important information? And how do you make sure you employ suitable security applications and practices at your company?

These are just some of your frequently asked questions, and so, in this episode of the Dr. Dark Web podcast, we’re telling you what you want to know. Tune in to this episode to find out more.


Key Insights 

How much information is enough?

Information overload is overwhelming. So how much information is too much? And how much is enough? “The quantity and the volume of data aren’t going away. What we have to do is turn information into intelligence by asking more succinct questions and by having better tools and technologies to ask better questions. And a lot of that’s going to come through autonomy. No two ways about it. Is it perfect? Absolutely not. Are we working on how to make it more effective? Absolutely. Because we know we have to. And then there’s taking that intelligence and making it actionable.”

How can we collaborate in sharing threat intel data?

Collaboration is crucial in information security. The only question is how you can collaborate without disclosing any information. Here’s what you should know. “What I can do is have back channels. I can have conversations. I can get onto the signal and go, ‘Hey, Dani can see what’s going on. We’ve got some challenges. Do me a favor, make sure you’ve got this locked down and sorted out. Do me a favor, go check your Active Directory for this. And by the way, check your intel feeds for this.’ That’s helping you become more aware of maybe a specific incident.”

What should be the roadmap for leveraging dark web intelligence?

Building intelligence very early in the roadmap should be the first priority. Here’s an example. “To me, information intelligence has got to be pretty high up on the list of acquisitions because it helps you build the future path for where your security roadmap needs to be. It helps you understand where the risks are. Let’s just say you’ve built the next greatest widget sitting here, and it’s an amazing widget. And you’ve surrounded that widget with, say, 50 staff employees, people, or whatever you want to call them, and that widget and your staff are all sitting in a building. Automatically, you’re suddenly going, ‘Well, I need to protect the widget.’ But you, maybe, forgot about the people. How do I educate them to protect the widget?”

Episode Highlights 

Is the goal of using threat intelligence to become more proactive or reactive?

“It’s more of a maturity thing. And if you take a maturity level of zero, you have no clue what’s going to happen even when it hits you, unfortunately. You’re just not aware. This is where we hear the statistics about how long a threat has been inside an organization, and unfortunately, there are some crazy numbers. There are companies that have been breached for years and don’t know about it. That’s when you look at the maturity of zero, and then you go to the other end of the scale, which is companies that are leading the charge, and they know as soon as something even tries to contemplate hitting their environment.”

Know yourself and your environment first. 

“If you don’t know yourself and your environment — and we’re talking about the physical environment, we’re talking about the assets, the locations, the people, all these other things. If you don’t know those effectively enough, then you’re not going to know what to do, how to deal with it, how to protect it, or how to reduce the risks on it. So, for me, first and foremost is something that helps you understand what you have, and that’s from the asset standpoint; it’s the physical assets. And now we can talk about digital assets as well. So what have you got? Where is it? What’s on it? Who’s accessing it? And what the hell are they doing with it?”

Prepare questions for your vendors.

“We need to have a set of 10 questions to ask vendors. So the question is, ‘Hey, if you have a firewall or an endpoint and if you have an endpoint vendor coming up to you, what are those ten things that you need to ask that endpoint vendor to be happy that they understand what machine learning is or what artificial intelligence is? Because they’re all going to tell you they do it.’ So actually, you need to be armed with an understanding or, at least, know how to tell BS from reality when that question is answered.”