The Cyber5 Podcast

Intelligence Management: Translating Biden’s Executive Order for Public and Private Enterprise

Episode 50 | July 28, 2021

In episode 50 of The Cyber5, we are joined by Paul Kurtz. Paul's career includes serving as Director of Counter-Terrorism, Senior Director for Cyber Security, and Special Assistant to the President of the United States for Critical Infrastructure Protection. He was previously the CEO of the threat intelligence platform TruSTAR and is now Chief Cybersecurity Advisor, Public Sector at Splunk.


In this episode, we discuss the Biden Administration's executive order on cybersecurity and how it affects intelligence management in the public and private sectors. We also talk about an inside-out network approach and why cloud migration is critical to detecting cyber threats at scale. We further discuss the value of threat intelligence and the importance of integrating it with enterprise systems.


Here are the 6 Topics We Cover in This Episode:

1) Three Key Points of the Executive Order:

While high-profile topics such as zero trust, identity and access management, and third-party risk management get most of the attention, three important but often overlooked points covered in the executive order are:

  • Cloud Transition
  • Information Sharing
  • Data Collection and Preservation

From an intelligence management and security perspective, the migration of the US public sector to the cloud, coupled with information sharing and data preservation, are the most important actions for reducing mean time to detect and alert, mean time to respond, and mean time to remediate.

2) Need for Automation of Internal and External Telemetry: 

Endpoint Detection and Response (EDR), next-generation anti-virus, next-generation firewalls, and identity and access management (IAM) are examples of advances in enterprise security solutions. These technologies are now being augmented by threat intelligence solutions. Integrating and automating this suite of capabilities is key to getting the most out of intelligence and defending against increasingly sophisticated threat actors.

3) MSSPs are Critical to Protecting SMBs: 

MSSPs must integrate their alerting and detection capabilities with the cloud in order to protect small and medium-sized businesses, which typically lack the security teams or expertise to patch, remediate, and threat hunt. MSSPs with MDR capabilities can effectively serve this market.

4) Threat Intelligence Must Be Integrated to Augment Existing Telemetry: 

Threat intelligence must be actionable, and a key step toward actionability is integrating it into an IT ticketing system, a Security Information and Event Management (SIEM) tool, a Threat Intelligence Platform (TIP), or an Endpoint Detection and Response (EDR) solution.

5) Behavior is King for Appropriate Context: 

Appropriate context means the ability to detect malicious behavior by actors inside the network and initiate an appropriate response. This is not possible without the context provided by cloud integration, log aggregation, a retrospective "look back" capability, and the integration of external data with internal telemetry.
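To make topics 4 and 5 concrete, here is an added example (written for this page, not code from the podcast, from Splunk, or from any vendor product) of a retrospective "look back" sweep: indicators from an external feed are matched against aggregated internal proxy telemetry, and each match is enriched with scope and timing before being shaped into a record a SIEM or ticketing queue could ingest. The feed entries, log lines, field names and severity rule are all constructed for the demonstration; the point it shows is that an indicator published on 27 July still finds a contact from 19 July, which a purely real-time match would have missed.

```python
# Added example (not from the podcast or any vendor's product): a retrospective
# "look back" sweep that matches externally sourced indicators against
# aggregated internal telemetry and emits context-rich alerts shaped for a
# SIEM or ticketing queue. Indicators, log lines and field names are constructed.
from collections import defaultdict
from datetime import date, datetime, timedelta, timezone

# Constructed external intel: indicator type/value, who published it and when.
INTEL = [
    {"type": "domain", "value": "updates-cdn.example.net",
     "source": "sector ISAC feed", "published": "2021-07-27"},
    {"type": "ip", "value": "203.0.113.45",
     "source": "commercial feed", "published": "2021-07-26"},
]

# Constructed internal telemetry: proxy logs aggregated into one store.
# Each line: <ISO-8601 UTC timestamp> <host> <dst_ip> <domain> <bytes_out>
LOGS = """\
2021-07-10T08:12:03Z ws-014 198.51.100.7 intranet.example.com 512
2021-07-19T22:41:10Z ws-014 203.0.113.45 updates-cdn.example.net 48213
2021-07-20T03:05:44Z srv-db1 203.0.113.45 updates-cdn.example.net 901223
2021-07-01T11:00:00Z ws-002 203.0.113.45 updates-cdn.example.net 77
2021-07-27T09:30:00Z ws-031 192.0.2.10 www.example.org 1024""".splitlines()

def parse_log(line):
    """Parse one constructed proxy log line into a dict with a UTC timestamp."""
    ts, host, dst_ip, domain, bytes_out = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "host": host, "dst_ip": dst_ip, "domain": domain, "bytes_out": int(bytes_out),
    }

def retro_sweep(log_lines, intel, now_date, lookback_days):
    """Match every indicator against events inside the look-back window.

    Returns one alert per matched indicator, aggregating the hits so the
    analyst sees scope (hosts, volume) and timing, not a bare IOC match.
    """
    now = datetime.combine(date.fromisoformat(now_date), datetime.min.time(), timezone.utc)
    window_start = now - timedelta(days=lookback_days)
    by_key = {(i["type"], i["value"]): i for i in intel}
    hits = defaultdict(list)
    for ev in map(parse_log, log_lines):
        if ev["ts"] < window_start:
            continue  # older than retained telemetry: cannot be swept
        for key in (("ip", ev["dst_ip"]), ("domain", ev["domain"])):
            if key in by_key:
                hits[key].append(ev)
    alerts = []
    for key, events in hits.items():
        ind = by_key[key]
        events.sort(key=lambda e: e["ts"])
        first_seen = events[0]["ts"]
        alerts.append({
            "indicator_type": ind["type"],
            "indicator": ind["value"],
            "source": ind["source"],
            "hit_count": len(events),
            "hosts": sorted({e["host"] for e in events}),
            "bytes_out": sum(e["bytes_out"] for e in events),
            "first_seen": first_seen.isoformat(),
            "last_seen": events[-1]["ts"].isoformat(),
            # True when internal contact happened before the feed published
            # the indicator: a real-time-only match would have missed it.
            "predates_intel": first_seen.date() < date.fromisoformat(ind["published"]),
        })
    return alerts

def to_ticket(alert):
    """Shape an alert as a ticket/SIEM record with a simple, explainable severity."""
    severity = "high" if alert["predates_intel"] or len(alert["hosts"]) > 1 else "medium"
    return {
        "title": f"{alert['indicator_type']} IOC {alert['indicator']} seen on {len(alert['hosts'])} host(s)",
        "severity": severity,
        "context": alert,
        "recommended_action": "isolate hosts, pull EDR timeline around first_seen, review bytes_out for exfil",
    }

def run_demo():
    """Sweep 21 days of telemetry as of 2021-07-28 (constructed reference date)."""
    return [to_ticket(a) for a in retro_sweep(LOGS, INTEL, "2021-07-28", 21)]

if __name__ == "__main__":
    for t in run_demo():
        print(t["severity"], t["title"], "first_seen", t["context"]["first_seen"],
              "predates_intel", t["context"]["predates_intel"])
```

The look-back window is the part that depends on the preservation and aggregation points made above: with only five days of retained telemetry the same sweep returns nothing, because the two real contacts on 19 and 20 July fall outside it. The severity rule is deliberately simple so that the reason a ticket is high (contact predates the feed, or more than one host) is visible in the record itself.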

6) US Civilian Agencies Need a Roadmap for Cloud Integration: 

If the Central Intelligence Agency can embrace the cloud, so can other agencies. A federal roadmap is urgently needed to defend against attacks by sophisticated adversaries.
