Threat Intelligence: The Difference Between Good and BadJohn Watters Of iSight Partners on How to Separate Signal from Noise
The term threat intelligence often is bandied around in computer security. There are a host of companies that specialize in this field, which intends to deliver the most crucial and actionable information that can help companies dodge data breaches.
One of those companies is iSight Partners, which was acquired earlier this year by FireEye. iSight founder John Watters says that companies are inundated with so much technical data on attacks that it can be difficult to figure out which one to prioritize.
"Bad intel is just data that may or may not be bad," Watters says. "It's not verified, so you're not sure whether it's a false positive or not or if you can drive any action on it. What you're doing is further complicating the job of the security operations team."
Good intelligence, on the other hand, has context: The actor and their objective are known, as well as their tools and procedures. Armed with this information, organizations can organize their responses and protect their most critical assets.
In this audio interview, Watters discusses:
- What organizations do with accurate intelligence reports;
- Why attribution matters less to companies than to governments;
- How organizations are increasingly using encryption to protect email.
Watters founded iSight Partners in 2006. He was previously CEO of iDefense, another computer security firm, which was acquired by VeriSign. Before becoming interested in information security, he was an investor.