The Future of Threat Intelligence at Netflix
UPDATE: I am pleased to announce that Chris Cochran has joined the team to lead our intelligence program. He will be posting the rest of the articles in this series and I will link over to his work from here!
I have been chatting with Mary Landesman, our intelligence lead, about how best to derive business value from threat intelligence in Netflix’s unique culture and modern technology stack. Threat intelligence can be a slippery concept. While we have seen it work well, we have also seen it struggle to keep up with changing technologies and observed uneven return on investment across industries and organizations. We came up with a bunch of questions and a few promising theories. I will share those in a series of posts in the hope of drawing out debate and new ideas. Mary is looking towards retirement! So we are looking for the next generation intelligence leader to continue our momentum for Netflix, and the broader community. If that sounds interesting please get in touch: [email protected]
Thanks to Mary for the insights and rewrites. Some of the topics (I will add links as they post):
- The evolution of IOCs
- Attribution
- Intelligence for Vulnerability Management
- Intelligence for Fraud Prevention (Chris)
- Intelligence: Right Down AppSec Lane (Chris)
- Physical and Information Security Convergence
- Detecting Pre-Operational Surveillance
- Strategic Security Intelligence
- Requirements gathering, feedback, and the intelligence cycle
- Building sustainable threat sharing communities that add value
VP Cybersecurity Sales Engineering | Oxford AI Candidate
6 years ago: One element (that I don't see listed here) is intelligence for the end user. The intersection of threat intel and security awareness is telling payroll that there's an uptick in BEC scams... deriving high-value targets from internal data set and correlating with external threat activity... etc. Significant ROI
Mid-Atlantic Regional Manager
6 years ago: I am glad to see they included Intelligence for Vulnerability Management
I help government and fortune 100 organizations define, develop and implement automated solutions using bleeding edge technology and A.I.
6 years ago: Aside from tracking atomic IOCs from different threat actors, adversaries, and threat groups, I think it’s important to build a threat profile and look at the behavior and characteristics to build your alerting. Also, looking at your environment's current vulnerabilities and determining your toolstack's limitations might help you identify potential exploits before they occur. OSINT has its uses, but noise reduction is key for a successful threat intel program. If you are lucky enough to have a CMDB or know your Crown Jewels, then start there and work with your product teams.
Principal Engineer specializing in Security Operations, Response, Automation and Threat Intelligence - @SOCologize, co-founder of TTP0
6 years ago: I wouldn’t use it and would begin creating my own internal threat intelligence program. Use external TI to help with program enhancements.