Tom Topping, the senior director of strategic programs for FireEye, said agencies need to understand their risks and use cyber threat intelligence to better mitigate them.
Definition of Cyber Threat Intelligence
Really for it to become intelligence, you have to analyze the data in such as a way that it becomes useful,.
Senior Director, Strategic Programs, FireEye
Cyber Threat Intelligence Program Implementation
If you can take cyber intelligence and use that to understand who your threat actors are and if you know who is coming after you and you know how they attack organizations, all of a sudden your problems become smaller.
Senior Director, Strategic Programs, FireEye
The federal government recognized early that it doesn’t corner the market on cyber threat intelligence. This concept becomes even more important when you consider the growing use of connected devices and the fact that 85 percent of the nation’s critical infrastructure is run by the private sector.
The Homeland Security Department has launched several programs over the last five years to improve the collection and sharing of cyber threat data.
DHS’s Automated Indicator Sharing (AIS) program turned two years old back in October. While progress to achieve two-way sharing has been slower than the agency hoped, more than 250 commercial organizations are participating in AIS where most of the sharing is one way—from the government to industry.
Over at the Defense Department, the Joint Force Headquarters-DoD Information Networks is testing a new data analytics platform that’s meant to use automated data analytics techniques to spot the sorts of behavior adversaries have been known to engage in as they lay the groundwork for an attack.
Tom Topping, the senior director of strategic programs for FireEye, said agencies need to a better job analyzing information to make it more valuable.
“Really for it to become intelligence, you have to analyze the data in such as a way that it becomes useful,” Topping said on the Innovation in Government show. “To someone who needs to use it, it has to be timely, it has to be accurate and they’ve got to be able to use it.”
Topping said public and private sector organizations have an opportunity use the cyber threat data to improve their defenses against attacks.
“If you can take cyber intelligence and use that to understand who your threat actors are and if you know who is coming after you and you know how they attack organizations, all of a sudden your problems become smaller,” he said. “That is one of the real metrics you want cyber intelligence to do for you. You don’t want it to flood you with data and make your problem harder. You want it enable your organization to focus and then to take it from very specific indicators all the way up to being able to talk to the executives about risk.”
And it’s that risk management discussion is where the value of cyber threat intelligence increases.
Topping said as agencies implement the National Institute of Standards and Technology’s Risk Management Framework, they will have a better grasp of what their high value assets are and what hackers may be coming after, and what are the consequences of that data being stolen, changed or destroyed?
“It’s only from that can an organization decide what’s appropriate for addressing the risk,” he said. “Then you want to turn to cyber threat intelligence to look at those threat actors that are targeting that kind of information, what tools, techniques and procedures (TTPs) that they are using to breach organization, compromise that information and steal it. That’s how cyber threat intelligence can make a difference for a lot of organizations.”
Topping added that the more an organization can focus on the threats and risks, the more efficient they can be in defending their systems and data, including deploying tools and people.
“At the tactical level, if that cyber threat intelligence is deep and current, you can take those indictors and TTPs and you can plug them into your sensors and look into those parts of your systems where the bad guys are going to operate and you can give the people on the very front line the data and direction they need to go find those threat actors that are most concerning for you,” he said. “Comprehensive cyber threat intelligence can enable the people in the security operations center and the chief information security officer to approach the executive team and talk to the executive team in terms of risk around the mission. That is how the leadership thinks, what is the risk to the organization? Having that cyber threat intelligence that can span that from tactical to strategic enables the folks to have a conversation with leadership around the risks to the mission.”
Topping said agencies should start down the path of using more cyber threat intelligence by conducting an internal review to see what data they have access to and what results they are getting from the information. Then ask for help from industry or other federal partners to fill in any gaps.
FireEye is an intelligence-led security company. Working as a seamless and scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, military-grade threat intelligence and world-renowned Mandiant expertise.
FireEye’s focus on Government enables federal, state, local and public education entities to save time and money as they look to add holistic, cloud-based security to meet the challenges of delivering on advanced threat protection. With recent achievement of FedRAMP authorization for its cloud-based Email Threat Prevention (ETP) solution, FireEye continues its pursuit in supporting key Government missions around the world.
FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyber attacks. FireEye has over 5,800 customers across 67 countries, including more than 40 percent of the Forbes Global 2000.
Tom Topping is FireEye’s Sr. Director for Strategic Programs. In this capacity, Mr. Topping works closely with both FireEye Leadership and Federal Government leadership to ensure alignment between Federal programs and FireEye capabilities.
Mr. Topping joined FireEye in early 2010 as a founding member of FireEye’s Federal team. Since that time Mr. Topping has worked as both an individual contributor and as a team leader. Mr. Topping is an accomplished speaker and often presents security topics or FireEye specific content at customer meetings and industry events.
Prior to joining FireEye Mr. Topping lead all Federal Operations for Email security company IronPort. Mr. Topping lead the IronPort team to become the leading Email Security technology adopted within the US Federal Market; this included installations within US Army AKO, US Navy NMCI, DISA’s Enterprise Email, Department of Veteran Affairs, Department of Transportation, and many others.
Since graduating from Oregon State University in 1981, with a BS degree in Management Science, Mr. Topping has worked as a Software Engineer, Network Architect, Systems Engineer, Strategic Account Manager, and Sales Director for companies such as CACI, MITRE, IronPort, and Cisco.
In his spare time Mr. Topping spends time with his family on their five-acre horse farm and pursues personal interests in scuba diving and fishing.
Jason Miller is an executive editor and reporter with Federal News Radio. As executive editor, Jason helps direct the news coverage of the station and works with reporters to ensure a broad range of coverage of federal technology, procurement, finance and human resource news.As a reporter, Jason focuses mainly on technology and procurement issues, including cybersecurity, e-government and acquisition policies and programs.