The SOAPA video series is back! In this global pandemic edition, I speak with Hugh Njemanze, CEO of Anomali, a leading threat intelligence platform (TIP). In part 1 of my chat with Hugh, we discuss:
- Security operations difficulties. Enterprise Strategy Group research indicates that 63% of organizations claim that security operations are more difficult than they were 2 years ago. Hugh agrees and believes these difficulties are related to the breadth of tools and practices that are creating visibility and process gaps.
- Issues around alert fatigue and keeping up with security threats. Hugh reminds me that security operations is a big data problem. The challenge is to find threat intelligence insights and share this data with systems of record like SIEM and SOAR. This level of integration can bolster efficiency.
- Operationalizing threat intelligence. I hear this requirement often, so I ask Hugh what the term means to him. Hugh responds that organizations must make better use of threat intel trigger alerts that can help organizations capture the right data and take immediate actions.
- Skills requirements for threat intelligence analysis. Not everyone can hire an ex-intelligence analyst, so I ask Hugh how Anomali customers can get continuous value out of their TIP. Hugh describes how Anomali Lens “reads” intelligence reports and highlights important details about adversary tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs). Furthermore, Anomali Match can then be used to compare threat indicators to historical network data. In other words, Anomali applies machine intelligence to help human beings interpret and act upon threat intelligence.
In my humble opinion, TIPs like Anomali are an undervalued but integral part of strong security operations. Thanks to Anomali and Hugh for participating in the ESG SOAPA video series. Stay tuned for part 2.