Profile picture
Phil Venables
@philvenables
, 11 tweets, 2 min read Read on Twitter
Threat Intelligence. A Thread.

Threat intelligence seems, at least to me, to get maligned too much. For many years I’ve found it an immensely useful element of an enterprise security and risk program. So, some perspectives on this.

1/11
Security is a game to win, not a state you’re in. You have adversaries and you have to therefore understand their motivations and their tactics, techniques and procedures (TTPs) in the context of their goals versus your assets and objectives.

2/11
To understand that you, surely, need some information about that. Let’s call that threat intelligence. At the risk of oversimplifying, there are essentially 2 types of threat intelligence:

3/11
1. Macro threat intelligence. Information on attacker goals, capabilities & evolving TTPs. Use this to adjust defenses to make life more difficult for the adversary & shape their economics (attackers have bosses & budgets too). Aim to eliminate whole classes of attacks.

4/11
2. Micro threat intelligence. Information about specific attacks, signatures, indicators of compromise and other selectors/data. Aim to eliminate or detect/respond to specific attacks.

5/11
Information about threats, itself, is necessary but not sufficient. In both cases you need to be capable of doing something with it. For macro you need to feed it into your risk decision making process as fast as possible & increase the speed of adjusting defenses.

6/11
For micro threat intelligence you need to feed this into your defensive operations as fast as possible - in as fully an automated way as you can. Work to improve the ingest speed and coverage of this into your preventive controls and your detective sensor grid.

7/11
Responding to macro has superior results, but is harder and so sometimes you can only handle and respond to micro. As with any intelligence process you will generate new/synthesized intelligence - feeding that into an appropriate information sharing organization is useful.

8/11
Where threat intelligence gets maligned is I think due to a lack of an organization’s capability to process it (perhaps fueled by over marketing of what it can do - by vendors or pundits). If you buy something or consume some capability you have to be equipped to use it.

9/11
There’s no point buying some feed if you can't do anything with it. Like supply & demand - different sources of intel. (shared/private/government) drives different demand pull. Handling capabilities (people, automation, frameworks) drive different supply needs.

10/11
Bottom line : threat intelligence is critical but you have to use it well and that means having the organizational capability to do that. Grow capability (tooling and people) in balance with what you need to consume - think supply/demand.

Move fast.

11/11
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Phil Venables
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @philvenables see all

Profile picture
Phil Venables
@philvenables
The Reporting Line of Security Teams / CISOs. A thread.

Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking “is this the hill you want to die on? - here we go…...

1/16
First, let’s get one thing out of the way: if people think the answer to an organization’s security issues are mostly determined by the reporting line of the CISO, then frankly there are bigger issues at play that need to be dealt with that are driving that fixation.

2/16
The reality is, like every important concern, security has to be a shared goal - one role can’t carry this alone no matter where it reports. In my view the issue in all the debates about reporting stem from the intermixing of two distinct roles for getting security right.

3/16
Read 16 tweets
Profile picture
Phil Venables
@philvenables
Cybersecurity workforce development. A thread.

It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the all too simple answer of "let's create more cybersecurity professionals".

1/15
This is usually coupled with (often unsubstantiated) claims that there are millions of open cybersecurity positions. The answer, thus, becomes fixated on how do we create all those cybersecurity people - whatever a "cybersecurity person" is.

2/15
So, we call for more K-12 education programs, more University programs, more certificates etc. Now, I'm not denigrating these efforts and those involved (including me!) - they are laudable goals and do produce useful outcomes. But, sadly, risk missing the wider point.

3/15
Read 15 tweets
Profile picture
Phil Venables
@philvenables
Technology. A thread.

In the late 1980’s I was a developer using virtualized systems and containers, software defined networks, thin-client end points that could graphically render serialized content in a standard mark-up language.
The servers were using specialized co-processes for cryptographic functions, storage access and network communications. The data was stored in a high performance transactional NoSQL store with code written in a math oriented functional language with matrix math operators.
Orchestration was done using an advanced scripting language, with policies and configuration in the same SDLC as the code. All of this was under the control of a system wide role based access control system accessible by the O/S, data and application layers.
Read 11 tweets

Related threads

Profile picture
WonderWoman
@SecretDurga2
📌 #Thread about dressing of Ancient India. #Hinduism

No sir. They didnt even wore bikinis that time. Actually India and Hinduism started many years before birth of "Mother Marry" herself 😌🚩

That time Women used to stay in bare chest.
2) I had to delete my 2nd post bcz ppl told me that sita used 2 wear clothes.I did my best 2 knw abt the real facts.
In 1 verse Ravana describd hr a breast full of jewels.
In other its written she was wearing silk clothes maybeshe was wearing clothes in lower part of her body.
(3/n) In many art of vedic era and ancient hindu temple. We can clearly see the statues of Indian goddess in bare chest with jewellery covering their breast.
#HINDUISM
Read 7 tweets
Profile picture
WonderWoman
@SecretDurga2
📌#Thread about #Sabrimala and myths.
Real history of sabrimala.
#SaveSabarimala
Lord Shiva & Mohini had a child named Dharmashasta.
He ws born to fulfil the boon that Mahishi had acquired from Lord Brahma that only a son of both Shiva & Vishnu can kill her.
@davidfrawleyved
2. His name and the story of His birth is explained in detail in the Bhagavata Purana.
Dharmashasta manifested Himself in various forms - as Aiyyanar, as Ayyappan, and as Himself. Prince Manikantan of Pandalam (Sabarimala Ayyappan) was the specific avatar He took to kill Mahishi.
3. So while Dharmashasta finds a mention in the Puranas, it is unlikely that Ayyappa would also be mentioned as Ayyappa’s birth happened many years after the Puranas were composed.
NO MENTION OF SABRIMALA IN VEDAS
#SaveSabarimala
Read 7 tweets
Profile picture
cyberobserver
@OSINTResearcher
This is a #Thread about one of the many trolls who is targeting #Native and #Indigenous @Twitter accounts.

The account #@Blondi65003273 is interacting with #NativeAmericans by #JustAskingQuestions

Nothing obviously provocative.

#NativeTwitter
One of Blondi’s followers is another account that claims to be #Native #Ojibwe
However, one of her first posts demonstrate her to be not your average concerned Wisconsin #Native from the North Woods. She posts a picture of a dismembered body that is supposed to convince voters that we need a stronger immigration policy to deter crime.
Read 70 tweets
Profile picture
Oloye Akin Alabi
@akinalabi
Years ago, I used to say the best time to have money is when you’re young and can enjoy it. Now, I’ve realized that you need money more when you are older. Kids, retirement etc. Don’t be desperate. You don’t have today, you can have tomorrow & still enjoy life.

#thread of life.
There is no latecomer in the “success world” or “rich world”. Whenever you get there, you are welcome. You will enjoy your life and almost forget you ever suffered. It doesn’t have to be now and there is no prize for being the first person to get “there”.
When I was in my teens and early twenties & a bit of late twenties, I used to marvel at how some of my age mates were enjoying life. I felt I would never catch up and they were already ahead of me. Tah! There is nothing like that. Today, none of us remembers who succeeded first.
Read 7 tweets
Profile picture
RaguC
@RaguC
குருவி வேலை பார்ப்பவர்கள் பற்றிய #thread நேற்று அலுவல் நிமித்தம் கொழும்பு வந்தேன், தீபாவளி விற்பனைக்காக இங்குள்ள கடைகளுக்கு துணிகளை எடுத்துக் கொண்டு கிட்டத்தட்ட 40 பேர், ஆளுக்கு 40 கிலோ அதாவது 1.6 டன் இந்த ஒரு பயனத்துல கொண்டு சேர்க்குறாங்க.
இது மாதிரி ஒவ்வொரு ப்ளைட்டுலும் 30-40 குருவிகள், பயனச்செலவு இவர்களது, கிலோவிற்கு 250-300 ரூ என இவர்களுக்கு கூலி, விமான நிலைய வாசலில் இவர்களுக்கு தரகர் மூலம் “compressed dress bundles” கொடுக்கப்படுகிறது, கொழும்பு விமான நிலைய வாசலிலேயே அங்குள்ள தரகர் வாங்கி கொள்கிறார்
இரண்டு விமான நிலையங்களிலும் சுங்க அதிகாரிகளை முன்னமே இவர்களது தரகர்கள் “கவனித்து” விடுவதால் ஏதும் சிரமமில்லை. Check-in ல் 30 கிலோவை தள்ளிவிட்டு, மீதி 10கிலோவும் ஒரு வெற்றுப் பையுமாக பாதுகாப்பு சோதனையை கடக்கும் இவர்கள் முதலில் போவது Duty Free Shop, ஆளுக்கு 5-8 மதுபாட்டில்கள்
Read 16 tweets
Profile picture
GreatGameIndia
@GreatGameIndia
#THREAD
Gemalto has apologised for publishing erroneous report on Aadhaar data breach. But why would a world class firm mislead the people of India? What has Gemalto to gain from it? Does Gemalto has stakes in #Aadhaar? Lets see which journalist has the courage to report this.
To understand whats really going on you must first know the background of Gemalto and where it comes from, that would bring things into clear perspective. Then we would address the Aadhaar issue and how the People of India is being mislead by UIDAI.

Neville Pattinson Vice President, Government affairs at Gemalto is board member of Smart Card Alliance a RFID industry group, also serving US Department of Homeland Security's Data Privacy & Integrity Advisory Committee - inchanrge of various Govts biometric programs like Aadhaar
Read 20 tweets

Trending hashtags

#NeoFaceReveal #Bees #Zahra #Kerala #LeavingNeverland #WILD #Microsoft #security #8th_Division #Republican_Guard #Image #REMAINING #NativeAmerican #Palestinian #Unique #Barcodes #MacronLeaks #BoycottSundanceFestival #Fly #respect #Be #Ocean #MSDyn365 #Sahl_alGhab #WhiteNationalism
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!