Defending the Philippines in Cyberspace with The Teh Group

<p>The Teh Group organized Cyber Attack Manila 2019 at Shangri-la Makati with 400 cybersecurity professionals from various industries, including government and law enforcement. The event covered themes such as cybersecurity, threat intelligence, and cyber investigation, to name a few. Jeffrey Teh, CEO of The Teh Group, had the opportunity to interview Geoff Noble, Senior Vice President and GM of APAC at Anomali, about his perspective on cybersecurity in the Philippines.</p><p>Key topics from the discussion include:</p><ul><li>How a Threat Intelligence Platform (TIP) is different from other security solutions and why it is essential to managing threat intelligence.</li><li>Building an effective and efficient cybersecurity strategy for your environment.</li><li>There’s a lot of information out there, but it’s not all intelligence. Learn how to focus on what’s really critical to your organization.</li><li>Fortify your organization’s defenses against cyberattacks through threat intelligence sharing and collaboration.</li></ul>


Geoff, I understand that you're currently working for a company called Anomali as a pioneer in doing cyber intelligence and analysis.

Am I correct?


So it's more about the management of threat intelligence.


Because when a nation or an industry decides to benefit from the intelligence of external threats, particularly around cyber, there's just too much information.

So our analysis is basically on all the information.

We actually don't bring much information.

We help validate and narrow down the information such that your nation or your internal analysts know the right information to be working on.


You know, like I say, this segment is all about Philippine cyberspace or defending Philippine cyberspace.

In the whole ecosystem of cybersecurity, there are a lot of elements.


There are technical elements, operational, management.

And information is gold right now, data is gold.

Can you walk us through how you basically plan, or your firm's objective to help, I guess, building the cybersecurity space for the Philippines' businesses, law enforcement, or even governments?

So we're an organization on the next phase of security maturity.

So the Philippines is a great example of a nation that has already invested well, heavily, and cleverly on defense infrastructure.

And those defense infrastructures are traditional things like firewalls, endpoint detection, email gateways.

And they do two things-- allow traffic or disallow bad traffic.

But with the abundance of badness happening in cyberspace, it's very difficult to get correct, valid, precise information to them, because it's a time problem.

Your analysts in the government need to take such a weight of information and refine it, investigate it, correlate it before they present the information to the existing defenses.

And this is what Anomali does.

It uses machine learning and industry partnerships to say out of these billions of indicators of compromise, we've stack ranked it.

And here are the ones that we're 100% confident you should do something with.

And through automation, present those alerts through existing tooling.

So instead of spending a lot of time trying to find this intelligence, they could just tap on your resource then to find relevant intelligence or a resource that they need to determine the track.

Is that how it works?

So the distinction we like to make is that there's a lot of threat information out there, but it's actually not intelligence.

It's not intelligence until you've looked at it through your perspective.

If there's intelligence information about ATM skimming fraud in Finland, and you don't have ATMs and you don't do business in Finland, that's not intelligence.

JEFFREY TEH: That's right.


So through filtering, machine learning, and some education of the system by your government or by their analysts, it's easier to kind of cull out irrelevant traffic.

So in direct response to your question, the information is actually gold when it becomes intelligence.

And we can help fast track that.

Do you see a cybersecurity professional or find it challenging to determine what is the right intelligence and what is not?


And that's one of our core premises.

So once you make a decision, as the Philippine government through the security cyber defense papers have made, that you want to be intelligence driven, you open up the door and a big flood of information comes through to you.

So to make those decisions, you need to be educated by your peers.

So what we've also got in the Anomali Threat Platform is a lot of collaboration and sharing.

So a great example of that would be industry.

And another great example of that is nation.

So we're working in another Southeast Asian nation where one of our partners has set up a threat sharing community.


So if all five of us have decided that we're going to start on this, then the pure weight of numbers say that if we collaborate on a specific event, or we look at a specific vertical, then we can share the information because it's public information already.

And if it's going to attack you, it's going to attack me.

They're going to try.


So if we can collaborate on our defenses, then that's how we can get to info--

So by hearing what you just said, so you're very committed-- I mean you and your firm Anomali are very committed into providing, I mean, building this community and sharing intelligence not just for the Philippine market, but essentially for Southeast Asia.

Am I right?

Oh, yeah.


So we've built a very specific platform.

So the sharing industry is largely referred to as ISAC-- so Information Sharing Analysis Center, ISAC.

So we've built an ISAC platform specifically for the purpose of an anchor tenant, typically a government or a central bank, to say we'll take on board this sharing platform.

And we will be trained by Anomali and partner with Anomali on content.

We will then allow freedom of sharing within the network.

Now the network can only consume information.

We can't integrate it with their systems automatically.

But it can actually benefit from threat bulletins and data and then export specific information as allowed by the Central Manager of the ISAC to then defend their department.


So, yeah.

So a purpose-built platform for sharing and collaboration which is stood up industry-wide globally.

And specifically within Southeast Asia, we've got two countries that are running a national ISAC.