We are creating some awesome events for you. Kindly bear with us.

Cybersecurity: Threat Intelligence and an integrated approach to security

Cybersecurity: Threat Intelligence and an integrated approach to security

What is Threat Intelligence (TI)?

It is different things for different people. Everyone has their own ideas what TI should be and how it works. In this day and age, people think it’s a magic bullet and it’s gonna fix all security problems. That’s not what it is.

TI is just another tool in your arsenal that you need to help build a good security infrastructure. Right now, going forward, it’s going to become one of the key components that you need because it’s going to tie all stuff together. When it comes to TI, there are only two words that matter: actual advice.

In other words, whatever you do for TI, it needs to tell you to do something to make your world a better place: how to build better infrastructure, how to be able to identify things that are bad, whatever it is, it needs to tell you something that you can do with it, otherwise it’s a complete waste in the environment.

Like I said it’s a not magic bullet, you have to think about what is it you want to do with TI: Do I want to block attacks? Do I want to stop information leakage? Am I interested in identifying new threats and attacks more quickly? Am I able to do risk assessment better?

The problem is customers don’t think about these things. If I am going to use TI, how am I going to use it in the context of the above mentioned questions? And that’s what customers need to think about. 

What is your company’s approach to security management?

The Chinese mentality has been that, “I need to manage everything as a whole”. It turns out we have over 700 managed service customers, managing over 1200 networks. So we have to pull the stuff together for our customers. And because of this, the assisting methodology we’re bringing forward to our devices is we have to have these things start playing together, either through communication for better dynamic security response, or in terms of better central alerting and management.

The problem with most other companies is they’re fixing on their products but very few pure cybersecurity companies actually have their products speak to each other, that siloed mode, I can’t get this device to talk to that device, even though they’re from the same company.

Whereas it’s part of what we had to do in China to support our customers, that becomes a very big thing for us. So that’s where the intelligence and hybrid security is, to bring to the fore that our devices are gonna be better at sharing information, not just within our own devices but also third party applications.

Regarding the level of  ‘toxicity’ of an IP address, does it increase when it receives more malware-based emails?

From a reputation perspective, we track an IP address for a period of time to see what it does. In a lot of cases, IP addresses are signed by DCHP, they’re dynamic. Everytime you log in from some place, you get an IP address for a period of time, and then it expires and then you get the same IP address or you get a new one, depending on what your service provider does.

And what you find out is, an IP address can do something bad for a period time and just starts getting blocked because people knows that this address is doing something bad, so its usefulness starts to decrease. At a certain point, it will stop doing bad things because the attacker will go to a different IP address and jump to something else. So you see a lot of this happening all the time. Then what’s interesting is, because it is dynamically assigned, is, at a certain point, they will go back around and come to back to this IP address.

So you might see an IP address a year or so down the line, that is again doing something and happen to show up on the list so we gotta start tracking it again. But because it showed up second time on our list, we’re going to monitor longer and more stringently.

What we’re seeing is, on average, an IP address will cycle through probably in less than 40 days before it’s no longer of value. 

Can you share some of the advantages of being based out of China? Like your partnership with Kingsoft? What are some of the homegrown things that China is doing?

We have partnerships with Kingsoft, Tencent and China Mobile. I don’t have to sell anti-virus, I just have to partner with the company that does. Having to access 400 million end points is awesome – that’s more than twice the population of the US and that’s a huge thing. I get to see things and do research that other people don’t get to play with: in terms of looking at malware, behavioural patterns and educating people to avoid clicking into sites that carry malware.

I can tell you data privacy is non-existent in China, we’re allowed to some things we’re couldn’t do elsewhere in the world. When we’re doing attribution, we’ve identified where exactly the malware came from, we can actually identify the source, the controller, the guy who’s selling it.

We’ve actually gone into the users’ computers just to download a picture from there to provide verification to the customer to pay for the malware service and do the attribution. We can’t do stuff like that in the United States, there’s no way I will be allowed to hack into a person’s computer.

Then the ethical thing comes up. If my company does this, do I have the responsiblility to notify the authorities who this person is, even though it’s a paid contract? Or should I let the customer who paid for the service do it? So there’s some ethical things that you have to deal with based on what you do and we’re trying to address some of those challenges going in.

The things that you think about from being a cybersecurity company: “With great power, comes great responsibility”, a quote from Uncle Ben in Spiderman. The cool thing is that we have some really good researchers, they participate in a lot of hacking forums to identify information, to make better products and try to secure customers better. None of them will go off to attack someone for the sake of attacking.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend