DeepINTEL 2018 Talk: Cyber Threat Intelligence – The Next Era of Cyber Security? – Markus Auer
The DeepINTEL security intelligence conference focuses on threats, indicators of compromise, and strategic countermeasures. Information security is more than superficial. This is why we have asked Markus Auer to give a presentation at DeepINTEL (28 November 2018). He explains his ideas in short:
We are tired of adding new products to our ever-growing security structure. Although this has been a common practice for years, it does not bring lasting success. Attacks continue to occur – faster, more comprehensively and with much greater impact and rising costs. Despite all protection levels and measures, the current security approach fails.
We want to stop the expansion and purchase of more reactive products that are targeted to the recent attack. Instead, security operations should be improved by aligning existing security technologies and teams and using the information across teams. What sounds simple, however, is difficult. Most organizations have Incident Response, Security Operations Center, Risk and Vulnerability Management, Endpoint Protection and Perimeter teams, and maybe more. Each of these teams relies on a specific combination of different point products, each with its own intelligence. They also subscribe to various threat feeds from commercial sources, open source, industry, government and existing security vendors to be fully informed.
However, security teams and their security systems are organized in such a way that information silos are formed. This means that they operate from an information system that is not able to work and communicate with other similar systems, although the same goal is pursued. Using potential synergies seems almost impossible.
We understand that the timely exchange of accurate and relevant threat information between these teams and the tools they use is the key to shorter detection and response time – not the next “Silver Bullet” security technology or another threat feed. However, this requires a change and optimization of existing workflows and processes.
The key to improving the security structure is to establish connections between the individual teams and separated solutions to avoid information silos. In this way, information about attacks can be immediately shared and responded to. The knowledge that resides within each of these teams represents the most valuable and actionable threat intelligence available to the enterprise – and that knowledge would be wasted if it were not harnessed.
Markus Auer (45) is a technology evangelist and security sales professional. He joined ThreatQuotient as Regional Sales Manager in April 2018, where he is responsible for market development in Central Europe. He brings with him over 20 years of experience in IT Security.
Prior to that, Mr. Auer held other positions at ForeScout Technologies, Q1 Labs (now IBM), SourceFire (now Cisco), netForensics and MessageLabs (now Symantec). In addition to his training as Industrial Manager at Siemens AG Munich, Mr. Auer worked as a freelance consultant for Novell and Microsoft.