Last month I attended the FS-ISAC Fall Summit and was thrilled to see the overwhelming interest in making security operations more efficient and automated—confirming that the financial industry is shifting from detection-heavy investment to the operationalization of security.
The summit revolved heavily around “strength in sharing.” This topic led to several heated debates focused on the deluge of both public and private threat intelligence feeds and which, if any, should be shared as the act of sharing could open the door for further exposure.
This focus on threat intelligence bled into the vendor exposition hall, where 20% of the booths were leading with messages around threat intelligence, making it the hottest buzzword at the summit.
However, in almost all of my one-on-one conversations and demonstrations with CISOs, SOC Leaders, and analysts, it was common to hear “Whew, I thought you were trying to sell us more threat intelligence” and “the last thing we need is more security data.” I noticed a large sense of relief when discussing our approach and methodology around integrating threat intelligence into real-time security operations.
It seems the threat intelligence vendors are missing the mark.
Comments
Post a Comment