At the CIO 100 Annual Symposium & Awards held in Kenya, Niall MacLeod, Director of Solutions Architecture at Anomali, sat down with Victoria Amunga from Metropol TV to discuss threat hunting and threat intelligence solutions. The mission of the CIO 100 Annual Symposium & Awards is to inform professionals and organizations on an array of topics, ultimately empowering them to make sound business decisions.
Key topics from the discussion include:
- Organizations can use threat intelligence to distinguish between good and bad network traffic
- Debunking the myth that threat intelligence is expensive
- The value in sharing threat intelligence
- How threat hunting can enable an organization to determine which security tools in its environment are working effectively and where there are gaps in the network
- Steps to build a robust threat intelligence program
- Threat intelligence as an insurance policy
- The global cybersecurity skills shortage
- Using automation to save on headcount costs while enabling employees to be more efficient through threat intelligence solutions
Download the SANS 2019 Threat Hunting Survey to learn how to properly utilize threat hunting.
VICTORIA: We have just come to the end of the second day of CIO 100. Today there have been a lot of conversations around intelligence and cybersecurity, matters to do with cybersecurity in various sectors.
And we had a presentation also on just how companies and organizations can secure themselves by intelligence, getting intelligence and hunting for threats in their matters of security.
And right here I'm seated with Niall MacLeod, Director of Solutions Architecture at Anomali, a company that deals with intelligence and matters of security, who's going to be telling us much more on matters of intelligence solutions and also hunting for threats.
Thank you so much, sir, for joining us.
NIALL: Thank you very much, Victoria.
VICTORIA: Right now in the country, in just the first quarter of 2019, we had 11.2 million threats of cyber attacks in various organizations and various sectors.
You were talking about intelligence and also threat intelligence and hunting intelligence.
Just how useful is this?
NIALL: It's incredibly useful these days.
We see a lot of organizations being hit by attacks continuously.
We see organizations not being able to distinguish between good network traffic and bad network traffic.
And what we do in the threat intelligence space is we take external context of what's happening on your network and we apply that data set to what's happening internally with your network, with the events on your systems.
And we are able to distinguish between good and bad there.
VICTORIA: Talking about this kind of solution, probably someone will think it's too expensive to get into this.
NIALL: It can vary dramatically.
You can start using threat intelligence completely free.
We have a free platform you can use.
You can go onto the internet and start looking for things called open source threat intelligence, which is community sourced and published freely available on the internet.
So getting into threat intelligence and producing some sort of basic feeds doesn't have to cost you anything more than time to start off with.
VICTORIA: Talk about hunting for threats.
How useful is it? Why would an organization go into hunting for threats?
NIALL: Well, what happens is an organization, say for example a bank within Kenya, might receive information about an attack that is affecting another bank.
That information is shared with them.
And what they might want to do is start hunting within their network and say, have I seen anything related to this attack on my network?
Have I maybe been hit in the early stages of attack and I haven't noticed it yet?
So that's the one thing we do with threat hunting.
The other thing we do is we use it to test our defenses.
So if I know how an attacker typically carries out his malicious behaviors, I can simulate those.
I can attack my own network internally, and I can see what my security operation center actually finds, what they pick up, and what they miss.
And based on that, I can work out which security tools are working effectively, where I have gaps in my vision of what is wrong with my network, and I have a plan on where to start rectifying and shoring up defenses.
VICTORIA: In terms of numbers, how much has this been able to save in terms of cyber attacks?
NIALL: It's very difficult to quantify, as are many things in cyber security.
But if you look at things like the WannaCry virus that hit two years ago, there were companies that had losses of hundreds of millions of pounds or US dollars, shipping companies in Denmark, the National Health System in the UK.
These were organizations that were hit, and their losses were incredible, just through lost productivity, not being able to ship shipments when they should, not being able to schedule deliveries.
The costs are phenomenal.
So when you look at the cost of threat intelligence, if it can save you one of those, it is invaluable.
But it is very much like an insurance policy.
It is very often a cost that you don't realize until you're hit by an attack.
VICTORIA: And cyber attacks are one of the most threatening issues when it comes to technology in the country, and the numbers also say that just this year alone, in the first quarter, the country lost 29.2 billion shillings to cyber attacks.
Now, when companies want to invest in this intelligence, probably most of them do not know where to start.
Do you start investing in the people or the systems?
So which one comes first?
NIALL: The people are difficult at the moment.
There is an incredible cybersecurity skill shortage around the world, and from presentations today definitely a skill shortage in Kenya as well.
So you do have that gap on the number of people available to protect the networks against the number of people needed.
So you have to have people first of all.
So you need to staff up as best you can.
But then what we see people doing, what we see organizations doing is investing in technologies to save on the human cost.
If I can get something automated with the system and I don't have to have a human doing it, I can get away with it.
So it's really a combination.
We have to have people there to do the work.
But we can make them more efficient by providing technology.
VICTORIA: And finally, as we finish this, from where you sit, where are we heading in the future?
NIALL: In the future, well, cyber attacks are on the increase worldwide.
I can't see why there would be any difference in Kenya.
I think the region, the East African region, has been particularly hard hit.
A lot of cyber threat actors are looking at East Africa as a test bed.
You have sophisticated infrastructure but maybe still considered slightly remote.
Where hackers will come in and run proof of concepts on their latest malicious software, they'll try it out in Kenya and if it works they'll refine it and then use it in other countries.
So we're going to see cyber attacks constantly increasing, and we need to be able to defend ourselves the best we can.
VICTORIA: Thank you so much for your time.
NIALL: Thank you very much, Victoria.
VICTORIA: Niall MacLeod, Director of Solutions Architecture at Anomali, speaking to Metropol TV right here on the second day of the CIO 100 Symposium & Awards.
Tomorrow marks the end of this symposium, where awards will be given to some of the members of CIO, and the CEOs from various companies will be awarded tomorrow.
And also a lot of conversation is going on about matters of innovation and automation, which have been among the major issues discussed here in the second edition of the CIO 100 Symposium & Awards.
We'll definitely be keeping you up to date on each and everything that happens.
And from here, from me and my crew from Metropol TV and my guest Niall MacLeod, it's a good night.
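The core mechanic described in the interview (take an external threat intelligence data set and apply it to the events on your own systems, then hunt backwards to find earlier-stage hits you had not noticed) can be shown in a few dozen lines. The script below is an added example for this page, not Anomali's code or anything from the interview; the indicator feed and the proxy, DNS and endpoint log lines are constructed (documentation IP ranges and reserved example domains), and the log format, field names and `hunt()` helper are assumptions made for the illustration. It matches IPs against single addresses and CIDR ranges, domains against the indicator and any of its subdomains, and file hashes exactly, then orders hits by time so the earliest foothold surfaces first.

```python
"""Apply an external IOC set to internal log events (basic threat hunting).

Added example for illustration; the intel and events below are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed intel in the shape of an open-source feed export:
# (indicator, type, reference). Uses RFC 5737 / RFC 2606 reserved values.
SAMPLE_INTEL = [
    ("203.0.113.0/24", "cidr",   "constructed: C2 range"),
    ("198.51.100.7",   "ipv4",   "constructed: scanner"),
    ("update.example", "domain", "constructed: phishing landing page"),
    ("a" * 64,         "sha256", "constructed: dropper"),
]

# Constructed internal events (web proxy, DNS resolver, endpoint agent).
# Assumed format: "<ISO timestamp> <source> key=value ...".
SAMPLE_EVENTS = [
    "2019-04-02T08:15:01Z proxy src=10.0.0.5 dst=203.0.113.44 host=cdn.example path=/a.js",
    "2019-04-02T08:15:03Z dns client=10.0.0.5 qname=mail.update.example type=A",
    "2019-04-02T09:01:44Z proxy src=10.0.0.9 dst=93.184.216.34 host=example.com path=/",
    "2019-04-01T22:40:12Z edr host=WS-17 sha256=" + "a" * 64 + " proc=setup.exe",
    "2019-04-02T10:10:10Z dns client=10.0.0.7 qname=notupdate.example type=A",
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    ts: datetime
    event: str
    indicator: str
    reference: str


def parse_event(line):
    """Split one constructed log line into (timestamp, source, fields)."""
    ts_str, source, rest = line.split(" ", 2)
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), source, dict(KV.findall(rest))


class IndicatorSet:
    """Normalised view of a feed: networks, domains and hashes."""

    def __init__(self, intel):
        self.networks = []   # (ip_network, original indicator, reference)
        self.domains = {}    # lowercase domain -> reference
        self.hashes = {}     # lowercase hex digest -> reference
        for value, kind, ref in intel:
            if kind in ("ipv4", "cidr"):
                self.networks.append((ipaddress.ip_network(value, strict=False), value, ref))
            elif kind == "domain":
                self.domains[value.lower().rstrip(".")] = ref
            elif kind == "sha256":
                self.hashes[value.lower()] = ref

    def match_ip(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return None
        for net, value, ref in self.networks:
            if ip in net:
                return value, ref
        return None

    def match_domain(self, name):
        # Walk up the labels so mail.update.example matches update.example,
        # but notupdate.example does not (no substring matching).
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate, self.domains[candidate]
        return None

    def match_hash(self, digest):
        d = digest.lower()
        return (d, self.hashes[d]) if d in self.hashes else None


def hunt(intel, events):
    """Return every event that touches an indicator, earliest first."""
    iocs = IndicatorSet(intel)
    hits = []
    for line in events:
        ts, _source, f = parse_event(line)
        checks = [
            (f.get("dst"), iocs.match_ip), (f.get("src"), iocs.match_ip),
            (f.get("host"), iocs.match_domain), (f.get("qname"), iocs.match_domain),
            (f.get("sha256"), iocs.match_hash),
        ]
        for value, matcher in checks:
            if value is None:
                continue
            m = matcher(value)
            if m:
                hits.append(Hit(ts, line, m[0], m[1]))
                break  # one hit per event is enough for triage
    return sorted(hits, key=lambda h: h.ts)


if __name__ == "__main__":
    for h in hunt(SAMPLE_INTEL, SAMPLE_EVENTS):
        print(f"{h.ts:%Y-%m-%d %H:%M} {h.indicator:<20} {h.reference}")
```

Sorting by timestamp is the point of the exercise: the endpoint hash hit on the previous evening predates the proxy and DNS hits, which is exactly the "hit in the early stages and haven't noticed it yet" case from the interview. In practice the feed would be loaded from a platform or an open-source export and the events pulled from a SIEM, but the matching logic (CIDR containment, parent-domain walk, exact hash) is the same.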