Apr 24, 2023
Shanyn Ronis, Head of the Mandiant Communication Center
John Miller, Head of Mandiant Intelligence Analysis
It seems like we’re seeing more cyber activity taking place in the context of geopolitical events. A lot of organizations struggle to figure out if/how to respond to these events and any related cyber activity. What advice do you have for these organizations and their leadership?
A lot of threat intel (TI) suffers from “What does this event mean for threats to our organization?” - sort of how to connect CNN to your IDS? What is your best advice on this to a CISO?
TI also suffers from “1. Get TI 2. ??? 3. Profit!” - how does your model help organizations avoid this trap?
Surely there are different levels of granularity here to TI and its relevance. Is what a CISO needs different from what an IR member needs? Do you differentiate your feed along those axes?
What does success look like? How will organizations know when they’re successful? What are good KPIs for these types of threat intelligence? In other words, how would customers know they benefit from it?
Is there anything unique that cloud providers can do in this process?
RSA 2023 session “Intelligently Managing the Geopolitics and Security Interplay” on Wed, Apr 26, 9:40 AM