New Podcast Series: The Importance of Cyber Threat Intelligence in Cybersecurity

A new CrowdStrike® podcast series hosted by Cybercrime Magazine focuses on the critical role cyber threat intelligence (CTI) plays in an effective cybersecurity strategy. The series features CrowdStrike SVP of Intelligence Adam Meyers, a renowned expert in the field of cyber intelligence and a highly sought-after speaker. In this 12-part series, Meyers will cover a wide array of CTI topics ranging from how to build an effective threat intelligence practice to how adversaries and the threat landscape are evolving and what organizations can do to better protect themselves. Here’s the podcast lineup and quick summary of each episode. Put them on your list!

Getting to Know Adam Meyers

Meyers has long been considered a leading expert in the field of threat intelligence. In this first podcast to launch the series, he explains how his wide-ranging interests — from political science to epidemiology to computer science — and his work in both government and commercial organizations have contributed to his passion for and expertise in CTI. You’ll hear about the team of unmatched intelligence experts Meyers has built at CrowdStrike and how his team has evolved. He began with a mission to build government-quality intelligence for the private sector, focusing on nation-state adversaries, and the team soon evolved into tracking eCrime, hacktivism and recently, COVID-19-themed attacks.

Outpacing Your Adversaries

Meyers discusses the importance of knowing the capabilities and intentions of cyber adversaries that are targeting your organization and industry. He stresses that staying ahead of today’s ever-evolving adversary groups is critical and can’t be accomplished without effective CTI. Ultimately, understanding as much as possible about the “who, what and how” of your attacker is key. Meyers says, “I think about trying to bring the right components of technology and the right information together to ensure that you can, if not prevent, then certainly very quickly detect an adversary as they make attempts to access your infrastructure.”

Why CTI Is Critical to the C-Suite

Meyers discusses the importance of keeping C-level executives and board members apprised of security and risk issues and offers recommendations on the best way to present CTI to them. He recommends starting with basic information that enables them to understand what’s going on and how it may impact the organization. He explains the importance of understanding what the C-suite wants to gain from the discussion. You must first ask, “Who is your audience? Who are you bringing this intelligence to, and what is your expected outcome? Because you need to really understand what they are hoping to get out of this information.” He feels this is particularly critical because many organizations try to figure out their return on investment for threat intelligence before they have defined what threat intelligence is to them and what their measurements of success are.

How CTI Helps Security Operations Center (SOC) Teams and Incident Response (IR)

The benefits that CTI offers to SOC and IR teams start with intelligence automation, which makes their jobs easier. Meyers discusses the importance of offering context and analysis to threats, giving teams a better perspective and understanding of each threat and its potential capabilities. Meyers believes that CTI can be particularly beneficial to investigations being conducted in real time: “If they're dealing with an active incident where the adversary is still there, understanding how to properly mitigate that incident so as not to cause the adversary to do something that would be unexpected or perhaps disruptive or destructive is critical. It's really a very important part of the IR side of things.”

The CTI Lifecycle

Meyers discusses the need for security teams to better understand the business questions the C-suite is asking so they can better protect the organization. Meyers talks about how applying the intelligence lifecycle helps organizations answer these questions by providing a framework for the collection, analysis and dissemination of impactful threat intelligence to leadership. Meyers underscores the importance of decision makers providing feedback to the team in order to help them keep pace with evolving business and risk reduction strategies.

Business Drivers

Many organizations begin implementing threat intelligence when their security teams find themselves addressing the same problem over and over, and when leadership stumps them with questions about the latest threats they may see in the news. Meyers discusses the prerequisites to implementing a successful threat intelligence program and how to find, recruit and retain skilled intelligence analysts.

Team Members

Meyers discusses the importance of building cyber threat intelligence teams with a focus on both technical and human analysis. He explains that a technical staff is required to derive intelligence by examining an adversary's malware, tools and infrastructure. Meyers further states that human analysts are critical, as they add an understanding of the adversaries' intentions, enhanced by experience, that allows them to make estimations about what may happen in the future.

Hostile Nations

In this episode, Meyers examines Chinese, Russian, North Korean and Iranian cyber operations. He breaks down nation-state activity by discussing diplomatic, political, military, and economic espionage as well as describing disruptive/destructive offensive cyber operations. Meyers also delves into how North Korea uses financially motivated attacks and how these nation states cooperate to meet mutually beneficial objectives.

Asia-Pac and Japan

Meyers discusses CrowdStrike’s Asia Pacific/Japan State of Security Survey with a special emphasis on how COVID-19 has shaped organizations' digital and work-from-home strategies. He describes how adversaries are preying on the fear and disruption caused by the coronavirus pandemic and how the rapid pivot of organizations to work-from-home has created opportunities for adversaries to probe for security gaps in the newly deployed infrastructure.

Who Are Hacktivists?

Meyers explores how activists, nationalists, terrorists and socio-economically motivated groups leverage DDoS attacks, doxxing and web defacement to express their ideologies. He states, “Hacktivist movements around the globe are constantly changing and very dynamic, but any place you see any sort of social or political or economic issue you can expect to find it.” Meyers recommends steps CISOs should take to be prepared and aware of these unexpected events.

For Manufacturing

In the first six months of 2020, the CrowdStrike Falcon® OverWatch™ team tracked more intrusions than it saw in all of 2019. Meyers discusses the acceleration of these attacks and how adversaries are joining the growing trend of targeted, low-volume/high-return ransomware deployment known as “big game hunting.”

For G2000 CISOs

Meyers discusses how the global threat landscape changed due to COVID-19 and how the rapid pivot of organizations to work-from-home has created opportunities for adversaries to probe for security gaps in the newly deployed infrastructure. He predicts a continued acceleration in threat levels — attempted intrusions, ransomware attacks and other malicious activities — and discusses how CrowdStrike is helping organizations innovate and evolve faster than the adversary.
