Welcome!

Agile Computing Authors: AppNeta Blog, Gerardo A Dada, Liz McMillan, Pat Romanski, AppDynamics Blog

Related Topics: Agile Computing

Agile Computing: Blog Post

Getting Back to the Basics of Actionable Threat Intelligence

Shoot, move and communicate more effectively

I remember it like it was yesterday, the first few hours of basic training. I stood there cooking in the South Carolina humidity with a very loud and short man, named Drill Sergeant Doll screaming a few inches from my ear, "You need to shoot, move and communicate!" At the time, I had absolutely no clue what he was talking about. However, over the course of a few weeks I would start to understand that these would be the basic skills I needed to successfully complete my training.

Later, I would learn that these three skills needed to be honed together and each soldier would eventually take what they learned and apply it under the pressure of a live fire exercise. This would test our ability to work as a team, each soldier required to direct precise suppressing fire, moving swiftly in alternating bounding movements towards an objective all while communicating with one another, taking care not to shoot a fellow team member. "Shoot, Move, and Communicate" became the cornerstone of our military training.

We see communication as a vital attribute underpinning much of what we do as a community on a daily basis. We communicate within our circle of influence, within and across our organizations, as well as with external parties or even autonomous machines. Communication is what builds interpersonal relationships and is what allows us to draw upon a larger community that then becomes a countermeasure, which can be organized and wielded against modern threats.

Teamwork Makes the Dream Work
Not unlike training for and conducting conventional combat, neutralizing asymmetric cyber threats requires some of the same basic teamwork skills. The njRAT infrastructure takedown operation conducted by Microsoft this week has been nothing short of controversial. If you shoot and move but fail to communicate, the result often means someone is going to get hurt. The unilateral takedown has served its purpose of impacting the attackers, but has also negatively effected all the stakeholders, such as Microsoft,  Vitalwerks (NO-IP), and its users alike.

While this is a highly complex example, the anatomy of the problem is disguised behind a two-front war, and as we look closer, the Microsoft takedown illuminates some of the problems we face today. Certainly there are the obvious technical challenges that the threats pose, but those are largely dwarfed in comparison to the interpersonal, social and cultural issues we have with one another, our individual motivations, as well as how and why we choose to communicate. The fallout between Microsoft and Vitalwerks (NO-IP) is a strategic inflection point within a decade old industry that seemingly fumbles every time one of us gets the ball.

There are many viewpoints, both for and against the actions Microsoft took, that have been posted on blogs, discussed on mailing lists and questioned in the news. Like trying to solve any challenge faced on a global scale, pulling one lever will undoubtedly move three or four somewhere else, triggering unforeseen consequences, in many cases becoming the new focal point and problem. As an industry, we need to become more situationally aware and selfless. We cannot continue to go at it alone, nor should we try. Unity is our strength. The sooner we all recognize this, the more effective we will be in dealing with common adversaries.

Solution Focused vs. Problem Focused
We specifically engineered ThreatConnect to be the enterprise solution that allows the security community to cross the chasm that exists between the technical and non-technical security challenges we face today. ThreatConnect was created with the intention of giving anyone the ability to easily develop and control their own threat intelligence by aggregating data from any source they deemed of value, allowing them to analyze and dynamically enrich contextualized indicators over time with the ability to communicate their findings in a controlled and trusted manner.

This flexibility gives analysts and network defense personnel the precision that is needed to accurately focus in on specific indicator types of interest and effectively manage their knowledge and pool resources. When it comes time to operationalize the information and coordinate their neutralization, there are capabilities to communicate around the data, intent to convey and actions to coordinate in order to minimize the risk of uninformed stakeholders and unintended consequences.

No Excuses
In today's highly connected world, there should be no excuse for breakdowns in communication when conducting such important and delicate operations as infrastructure takedowns. As of late April 2014, ThreatConnect has been sponsoring a free private ThreatConnect Community, proactively reaching out to service providers who are victims of abuse and wish to actively contribute resources to support coordinated takedown operations.

This emerging community is populated with vetted individuals and organizations within enterprise security teams, dynamic DNS providers and domain registrars. The goal is to deliver a platform and environment in which all stakeholders can easily come together and adopt a selfless attitude, and then deliver results for the common interest of our users and customers.

On a daily basis, the ThreatConnect Intelligence Research Team (TCIRT) leverages ThreatConnect to effectively share information and collaborate with large organizations, such as Microsoft and small to medium sized organizations, like Vitalwerks (NO-IP), so they are able to act on information in a coordinated manner. We do this because it is the right thing to do and the best way to do it.

If you or your organization is interested in participating in this community or others in ThreatConnect, register for a free basic account and get started, so you can do your part and enter into a community which will allow you to shoot, move, and communicate more effectively.

More Stories By Rich Barger

Rich is the Chief Intelligence Officer for Cyber Squared and the ThreatConnect Intelligence Research Team (TCIRT) Director.

@ThingsExpo Stories
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York. Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flo...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...