In episode 50 of The Cyber5, we are joined by Paul Kurtz. Paul’s career includes serving as Director of Counter-Terrorism, Senior Director for Cyber Security, and Special Assistant to the President of the United States for Critical Infrastructure Protection. He was previously the CEO of Threat Intelligence Platform TrueStar and is now the Chief Cybersecurity Advisor, Public Sector at Splunk. In this episode, we discuss the Biden Administration’s executive order for cybersecurity and how it impacts the public and private sector in relation to intelligence management. We also talk about an inside-out network approach and the criticality of cloud migration in detecting cyber threats at scale. We further discuss the value of threat intelligence and the importance of integration with enterprise systems.
Here are the 6 Topics We Cover in This Episode:
1) Three Key Points of the Executive Order:
While important topics such as zero trust identity access management and third party risk management get the major attention, three important, but often overlooked, points covered in the executive order are:
- Cloud Transition
- Information Sharing
- Data Collection and Preservation
From an intelligence management and security perspective, the migration of the US public sector to the cloud, coupled with information sharing and data preservation are the most important actions to reduce mean time to detect and alert, mean time to respond, and mean time to remediate.
2) Need for Automation of Internal and External Telemetry:
Endpoint Detection and Response, next generation anti-virus, next generation firewalls, and IAM (identity and access management) are examples of the advancement in enterprise security solutions. These technologies are now being augmented by threat intelligence solutions. Integrating and automating this suite of advanced capabilities is key to optimizing intelligence and defending against increasingly sophisticated threat actors.
3) MSSP are Critical to Protecting SMBs:
MSSPs must integrate their alerting and detection ability to the cloud in order to protect small and medium sized businesses. Small and medium sized businesses don’t typically have the security teams or expertise to patch, remediate, and threat hunt. MSSPs with MDR capability can effectively serve this market.
4) Threat Intelligence Must Be Integrated to Augment Existing Telemetry:
Threat intelligence must be actionable. A key action to achieving actionability is the integration into an internet ticketing system, a Security Event Management Tool (SIEM), a Threat Intelligence Platform, or an Endpoint Detection and Response solution.
5) Behavior is King for Appropriate Context:
The ability to detect malicious behavior from actors inside a network and initiate an appropriate response. This is not possible without the context provided by cloud integration, log aggregation, a retrospective “look back” capability, and the integration of external data and internal telemetry.
6) US Civilian Agencies Need a Roadmap for Cloud Integration:
If the Central Intelligence Agency can embrace the cloud, so can other agencies. A federal roadmap is urgently needed to defend against attacks by sophisticated adversaries.