The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and purpose.\u00a0\u00a0 You never can exactly tell how they will come at you, but come they will.\u00a0 It\u2019s no different than fighting a kinetic foe in that, before you fight, you must choose your ground and study your enemy\u2019s tendencies.<\/p>\n
A lot of focus has been placed on tools and updating technology, but often we are pushed back on our heels and find ourselves fighting a defensive action.<\/p>\n
But what if we change?\u00a0 How do we do that?<\/p>\n
The first step is to study the battlefield, understand what you\u2019re trying to protect and lay down your protection strategy.\u00a0 Pretty basic right??<\/p>\n
Your technology strategy is very important, but you must embrace and create a thorough Cyber Threat Intelligence (CTI) doctrine which must take on many forms.<\/p>\n
First, there is data, and lots of it.\u00a0 However, the data must take specific forms to research and detect nascent elements where the adversary is attempting to catch you napping or give you the perception that the activity you see is normal.<\/p>\n
As you pool this data, it must be segmented into layers and literally mapped to geographic locations across the globe.\u00a0 The data is classified distinctly as malicious and reputations are applied.\u00a0 This is a vital step in that it enables analytical programs, along with human intelligence analysts to apply the data within intelligence reports which themselves can take on many forms.<\/p>\n
Once the data takes an analytic form, then it allows organizations to forensically piece together a picture of an attack.\u00a0 This process is painstakingly tedious but necessary to understand your enemy and his tendencies.\u00a0 Tools are useful, but it\u2019s always the human in the loop that will recognize the tactical and strategic implications of an adversary\u2019s moves. Once you see the picture, it becomes real, and then you\u2019re able to prepare your enterprise for the conflict that follows.<\/p>\n
Your early warning and sensing strategy must incorporate this philosophy.\u00a0 You must sense, collect, exploit, process, produce and utilize each intelligence product that renders useful information.\u00a0 It\u2019s this process that will enable any organization to move decisively to and stay \u201cleft of boom\u201d.<\/p>\n
The McAfee Advanced Programs Group (APG) was created eight years ago to support intelligence organizations that embrace and maintain a strong CTI stance.\u00a0 Its philosophy is to blend people, processes, data and a strong intelligence heritage to enable our customers to understand the cyber battlefield to proactively protect, but \u201cmaneuver\u201d when necessary to avoid an attack.<\/p>\n
APG applies three key disciplines or mission areas to provide this support.<\/p>\n
First, we developed an internal tool called the Advanced Threat Landscape Analysis System (ATLAS).\u00a0 This enables our organization to apply our malicious threat detections to a geospatial map display to see where we\u2019re seeing malicious data.\u00a0 ATLAS draws from our global network of billions of threat sensors to see trillions of detections each day, but enables our analysts to concentrate on the most malicious activity.\u00a0 Then we\u2019re better able to research and report accurate threat landscape information.<\/p>\n
The second leg in the stool is our analytical staff, the true cyber ninjas that apply decades of experience supporting HUMINT operations across the globe and a well-established intelligence-based targeting philosophy to the cyber environment.\u00a0 The result is a true understanding of the cyber battlefield enabling the leadership to make solid \u201cintelligence-based\u201d decisions.<\/p>\n
Finally, the third leg is our ability to develop custom solutions and interfaces to adapt in a very custom way our ability to see and study data.\u00a0 We have the ability to leverage 2.8 billion malicious detections, along with 20 other distinct malicious feeds, to correlate many different views, just not the McAfee view.\u00a0 We interpret agnostically.<\/p>\n
These three legs provide APG a powerful CTI advantage allowing our customers to adapt and respond to events by producing threat intelligence dynamically. When using this service it allows the customer to be fully situationally aware in a moments notice (visual command and control). Access to the data alone is an immense asset to any organization.\u00a0 This allows each customer not only to know what their telemetry is, but also provides real time insights into the entire world ecosystem. Finally, the human analysis alone is immensely valuable.\u00a0 It allows for the organizations to read and see\/understand what it all means (the who, what, where and why).\u00a0\u00a0 \u201cThe so what!!\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and…<\/p>\n","protected":false},"author":802,"featured_media":124838,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4618],"class_list":["post-124835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"\n