Welcome!

Agile Computing Authors: Carmen Gonzalez, Yeshim Deniz, Elizabeth White, XebiaLabs Blog, Liz McMillan

Related Topics: Agile Computing

Agile Computing: Blog Post

Getting Back to the Basics of Actionable Threat Intelligence

Shoot, move and communicate more effectively

I remember it like it was yesterday, the first few hours of basic training. I stood there cooking in the South Carolina humidity with a very loud and short man, named Drill Sergeant Doll screaming a few inches from my ear, "You need to shoot, move and communicate!" At the time, I had absolutely no clue what he was talking about. However, over the course of a few weeks I would start to understand that these would be the basic skills I needed to successfully complete my training.

Later, I would learn that these three skills needed to be honed together and each soldier would eventually take what they learned and apply it under the pressure of a live fire exercise. This would test our ability to work as a team, each soldier required to direct precise suppressing fire, moving swiftly in alternating bounding movements towards an objective all while communicating with one another, taking care not to shoot a fellow team member. "Shoot, Move, and Communicate" became the cornerstone of our military training.

We see communication as a vital attribute underpinning much of what we do as a community on a daily basis. We communicate within our circle of influence, within and across our organizations, as well as with external parties or even autonomous machines. Communication is what builds interpersonal relationships and is what allows us to draw upon a larger community that then becomes a countermeasure, which can be organized and wielded against modern threats.

Teamwork Makes the Dream Work
Not unlike training for and conducting conventional combat, neutralizing asymmetric cyber threats requires some of the same basic teamwork skills. The njRAT infrastructure takedown operation conducted by Microsoft this week has been nothing short of controversial. If you shoot and move but fail to communicate, the result often means someone is going to get hurt. The unilateral takedown has served its purpose of impacting the attackers, but has also negatively effected all the stakeholders, such as Microsoft,  Vitalwerks (NO-IP), and its users alike.

While this is a highly complex example, the anatomy of the problem is disguised behind a two-front war, and as we look closer, the Microsoft takedown illuminates some of the problems we face today. Certainly there are the obvious technical challenges that the threats pose, but those are largely dwarfed in comparison to the interpersonal, social and cultural issues we have with one another, our individual motivations, as well as how and why we choose to communicate. The fallout between Microsoft and Vitalwerks (NO-IP) is a strategic inflection point within a decade old industry that seemingly fumbles every time one of us gets the ball.

There are many viewpoints, both for and against the actions Microsoft took, that have been posted on blogs, discussed on mailing lists and questioned in the news. Like trying to solve any challenge faced on a global scale, pulling one lever will undoubtedly move three or four somewhere else, triggering unforeseen consequences, in many cases becoming the new focal point and problem. As an industry, we need to become more situationally aware and selfless. We cannot continue to go at it alone, nor should we try. Unity is our strength. The sooner we all recognize this, the more effective we will be in dealing with common adversaries.

Solution Focused vs. Problem Focused
We specifically engineered ThreatConnect to be the enterprise solution that allows the security community to cross the chasm that exists between the technical and non-technical security challenges we face today. ThreatConnect was created with the intention of giving anyone the ability to easily develop and control their own threat intelligence by aggregating data from any source they deemed of value, allowing them to analyze and dynamically enrich contextualized indicators over time with the ability to communicate their findings in a controlled and trusted manner.

This flexibility gives analysts and network defense personnel the precision that is needed to accurately focus in on specific indicator types of interest and effectively manage their knowledge and pool resources. When it comes time to operationalize the information and coordinate their neutralization, there are capabilities to communicate around the data, intent to convey and actions to coordinate in order to minimize the risk of uninformed stakeholders and unintended consequences.

No Excuses
In today's highly connected world, there should be no excuse for breakdowns in communication when conducting such important and delicate operations as infrastructure takedowns. As of late April 2014, ThreatConnect has been sponsoring a free private ThreatConnect Community, proactively reaching out to service providers who are victims of abuse and wish to actively contribute resources to support coordinated takedown operations.

This emerging community is populated with vetted individuals and organizations within enterprise security teams, dynamic DNS providers and domain registrars. The goal is to deliver a platform and environment in which all stakeholders can easily come together and adopt a selfless attitude, and then deliver results for the common interest of our users and customers.

On a daily basis, the ThreatConnect Intelligence Research Team (TCIRT) leverages ThreatConnect to effectively share information and collaborate with large organizations, such as Microsoft and small to medium sized organizations, like Vitalwerks (NO-IP), so they are able to act on information in a coordinated manner. We do this because it is the right thing to do and the best way to do it.

If you or your organization is interested in participating in this community or others in ThreatConnect, register for a free basic account and get started, so you can do your part and enter into a community which will allow you to shoot, move, and communicate more effectively.

More Stories By Rich Barger

Rich is the Chief Intelligence Officer for Cyber Squared and the ThreatConnect Intelligence Research Team (TCIRT) Director.

@ThingsExpo Stories
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software in the hope of capturing value in IoT. Although IoT is relatively new in the market, it has already gone through many promotional terms such as IoE, IoX, SDX, Edge/Fog, Mist Compute, etc. Ultimately, irrespective of the name, it is about deriving value from independent software assets participating in an ecosystem as one comprehensive solution.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in compute, storage and networking technologies, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Judith Hurwitz is president and CEO of Hurwitz & Associates, a Needham, Mass., research and consulting firm focused on emerging technology, including big data, cognitive computing and governance. She is co-author of the book Cognitive Computing and Big Data Analytics, published in 2015. Her Cloud Expo session, "What Is the Business Imperative for Cognitive Computing?" is scheduled for Wednesday, June 8, at 8:40 a.m. In it, she puts cognitive computing into perspective with its value to the busin...