Threat Intelligence - Context is King
BrightPoint CTO Reybok on How to Get the Most from Key Info
Organizations are jumping on the threat intelligence bandwagon, but are they making strategic investments? Often not, says BrightPoint Security's Rich Reybok, who says "context" is often the key missing element.
Without context about what the threat intelligence data truly means, security organizations are only compounding their existing challenges, says Reybok, who is a senior vice president and CTO at BrightPoint.
"Security teams are already overwhelmed by information they're getting from their own tools and technologies, from their vendors, from the internet," Reybok says. "So, adding yet more data in the form of threat intelligence ... just makes that job even harder.
"If you're already missing the needle in the haystack, then adding more data is just going to make that haystack bigger."
Automating threat intelligence collection is part of the solution, Reybok says. But then one needs to make sense of the data - that's the value of context.
"Making sense of that data becomes important - being able to connect it to your environment," Reybok says. "Not just having the spreadsheet or text file of your feed, but actually being able to do something with it in your environment."
In an interview about how to get the most out of threat intelligence, Reybok discusses:
- Mistakes many organizations make with TI;
- How to maximize the value of data context;
- How BrightPoint's "Trusted Circles" concept is evolving to help organizations improve information sharing.
Reybok is the chief technology officer and senior vice president of engineering at BrightPoint Security. Prior to BrightPoint, he served as the CSO of Asurion, CSO of the ICG division of Merrill Lynch, and CSO of Lehman Brothers. Reybok now focuses his efforts on enhancing capabilities for processing threat intelligence into usable and actionable foundations to help transform enterprise security management.