At the MENA Information Security Conference (MENA ISC) held in Riyadh, Andrew de Lange, Senior Solutions Consultant at Anomali, participated in a panel discussion entitled Leveraging Threat and Vulnerability Intelligence to Make Cyber Space Safe. Following the panel discussion Andrew spoke with VirtuPort TV about how to use threat and vulnerability information in your intelligence program. Mena ISC is the premier cybersecurity conference in the Middle East with the purpose of creating opportunities for those in information security to learn about important issues, connect with peers and hear from thought leaders.
Key topics from the discussion include:
- Highlights from the panel discussion
- Investing time in people is crucial for defending your organization against cyber attacks
- The importance of a vulnerability management team
- Best practices for scanning your network
- Prioritization of patches
- Understand where you are vulnerable and what could be attacking you
- Anomali’s local resources
Welcome back after this short break and now we are going to have our esteemed guest here, [INAUDIBLE] Mr. Andrew De Lange, Senior Solution Consultant at Anomali.
We're very glad to have you at the conference and in this session, and in the studio as well.
And you were a speaker at the panel discussion, and this panel discussion was titled, Leveraging Threat and Vulnerability Intelligence to make cyberspace safe.
I would like to know what a brief about it.
How was the conversation, and what was the outcomes of such a panel?
I think that the panel was incredible.
You know, the host was amazing.
I think that what we ended up talking about using threat intelligence and vulnerability intelligence is ensuring that building a cybersecurity, and building with cyber threat intelligence program is an integral part these days of organizations and their cyber security strategy.
One of the things that we all definitely agreed upon was the fact that we need to invest time in people.
People are our key leverage that we need against the attackers, because the attackers are working and collaborating together.
We need to make sure that we train people you know within the kingdom.
And I've seen personally that many companies are doing this and I'm sure this will continue for long to come, but it is definite 100% that the technology, the people everything, needs to work and incisively together to build a very, very good intelligence program.
So when it comes to vulnerability management, is it more into these [INAUDIBLE] staff or more into the strong software, and the highly advanced software systems and devices.
So what percentage?
Yeah, percentage wise, I will say that there are some really, really good tools out there.
Obviously, you know, we are at this wonderful conference with wonderful exhibitors showing their wonderful technologies, and it's difficult to name a specific one.
But at the end of the day, it is the problem that you sometimes will face is that, when it comes to vulnerabilities, is that your focus needs to shift a little bit, when it comes to the patch management for things like this.
In terms of understanding with using threat intelligence, which vulnerabilities are currently being exploited, which vulnerabilities are maybe being targeted against specific regions of the world.
For example, let's focus on the Kingdom.
If we know that a specific type of attacker, from a specific region in the world is targeting the Kingdom of Saudi Arabia's oil and gas, using specific attack methods, we need to understand, as analysts and as cybersecurity professionals, what are the tactics that we should be looking for.
And it comes down to patching our systems as well.
If an attacker is exploiting a specific vulnerability, let's maybe drop or trying to patch zero days, and focus on that specific vulnerability that might have been in our environment for a very long time.
But are there any essential steps organizations should follow in order to minimize vulnerability as much as they can by using a moderate approach, let's say.
Yes, yes, so definitely have a vulnerability management team.
People that actually scan across your network for vulnerabilities on a regular basis, and make sure that these scans are looked at and analyzed, and understood that making priority of a specific patch is key to any vulnerability management program.
And it's just understanding yourself, knowing yourself as an organization, knowing where you are vulnerable, and making sure that you plug those holes.
Great, and that's end of our discussion.
I would like to get the final words or messages you would like to deliver regarding that area.
So what I would like to say in terms of threat intelligence, and the future of threat intelligence, is that definitely it's growing and is something that has for the last couple of years.
I have been a threat intelligence analyst myself, for the two big banks in South Africa.
I have moved to the Middle East.
I've focused on the Middle East now.
And there is a lot of intelligence to be gathered for the Middle.
East there is a lot of activity happening.
We have many initiatives happening in the UAE.
We have many initiatives happening in the Kingdom as well.
These are all kind of points that attackers will use to try and disrupt certain initiatives.
I think that having intelligence around what could be attacking us, is a key, key component of building a successful cybersecurity program as a whole.
And you know, there are many vendors that will be able to give you information about threat intelligence.
We are normally very, very focused in the region as well, so it is just building a threat intelligence program, getting the people excited about threat intelligence, and getting them thinking out of the box.
Great, and then I'd like to thank you very much for your time and for the interview.
Definitely that was Mr. Andrew De Lange, Senior Solutions Consultant at Anomali.
And there's our break.
We'll be right back, thank you.