The Cyber5 Podcast

Using Threat Intelligence Throughout the Enterprise with LogMeIn Security Manager Michael Rennie

Episode 18 of the podcast covers methodologies to produce actionable outcomes from threat intelligence, and use cases where threat intelligence can be applied throughout the enterprise with Michael Rennie, Threat Intelligence Manager at LogMeIn.

Outline:

  • (01:11) Question 1: With your threat intelligence program, what steps do you take to filter the firehose of noise and determine what has context and what is actionable?
  • (03:32) Question 2: A lot of SOCs believe threat intelligence should be defined as “new information that tells a SOC what the security stack does not know about and/or cannot detect”. Do you agree or disagree and why?
  • (04:16) Question 3: As security professionals, we have a tendency to find out the “who” of attribution. Do you think that is important? Do you think the “how” and “why” are the better measures of attribution research, and is that even possible given the limited resources of a medium-sized organization? Explain.
  • (07:22) Question 4: What do you see as use cases for threat intelligence across an organization? Anything beyond cyber related crime?
  • (11:09) Question 5: With all of the advancements in threat intelligence feeds and platforms around enrichment, automated analysis, correlation, etc., have you seen a downtick in the amount of analyst time that it takes to get to something actionable? What are some technologies you like for aggregation and automation?

Episode 18 | August 6, 2020
