Palo Alto Networks CSO Rick Howard addressed attendees at the 2014 Gartner Security and Risk Management Summit on Monday, emphasizing the hows and whys of building a cyber intelligence team. What's needed is not just "intelligence" but actionable intelligence; as Rick explained, "sometimes there is too much data and not all intelligence is created equal."
Rick urged attendees to focus on how security analysts pull in intelligence and use automation, processes and tools to qualify intelligence data, build profiles of cyber security adversaries -- who they are and why and how they would want to steal data -- and also work with peers to share information, best practices and actionable insights when dealing with those adversaries.
The incident response model from 10 years ago is too focused on reacting to cyber events that are already happening, Rick noted. "You were cleaning up the biggest messes because those were easier to see," Rick said. "It's the attacks you aren't seeing and don't know about -- that's where an intelligence team comes in handy and all of its learnings can be used to protect your assets."
Rick led a discussion with two representatives of Palo Alto Networks customers: Adam Rice, CISO at ATK, and Sheryl Hanchar, Senior Manager of Security for Broadcom.
The Gartner Summit continues through Wednesday. Visit Palo Alto Networks at Booth #308 during exhibit hours and check out some photos from the conference below.