Actionable Threat Intelligence with Jackie Abrams
Hear from Jackie Abrams on the difference between security and true cyber threat intelligence and the biggest challenges faced by CTI professionals. Our interview also includes a real-world experience and investigation.
Here is a brief outline of our discussion with Jackie Abrams
Tarik and I were very pleased to interview Jackie Abrams, the Principal Product Manager at DomainTools, on a topic she is incredibly well-versed in, cyber threat intelligence. She wasted no time providing valuable insight into one of the biggest challenges in threat intelligence, which is understanding why an adversary is coming after you, what their goal is, and then using that information to more effectively defend your network. Jackie underscores that the goal shouldn’t necessarily be to predict every attack, but instead to identify areas in which companies should focus their investments, their training, and really hone in on threats they are most likely to face.
Another helpful takeaway from our conversation: “It’s not about focusing externally, it’s about focusing internally and understanding your organization and what it does. The first thing you need to do is identify your assets. Consider that these assets may not just be your data or your money. Think about where you sit in an industry, what services you are providing, and what critical infrastructure or supply chains or even daily services for your customers you deliver. Also consider what customers you have that you interact with or your networks connect to, who might be decent targets. You may just be a stepping stone in someone else’s mission to get to one of your clients. Once you understand all of the things and connections you have that are valuable, then take a step back and follow the news. This will help you contextualize the threats you may face.”
Speaking of contextualizing threats, a common topic of discussion in the cyber threat intel space is attribution. Jackie feels attribution is critical: from her perspective, without understanding who did it, you’ll have a very hard time understanding why they did it. This makes it difficult to predict and prioritize the threats you face.
Finally, Jackie shared a real-world story from the front lines of cyber threat intelligence. The investigation started with a text message and mapped to thousands of spoofed domains. In the process, Jackie and her team mapped connected infrastructure and added significant value to a legal investigation, and well, I won’t spoil the rest.
We hope that you find our bonus episode with Jackie as entertaining and educational as Tarik and I did. A big thanks to Jackie for sharing her insights and taking the time to have this great discussion.
That’s about all we have for this week. You can find us on Twitter @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!