A new CrowdStrike® podcast series hosted by Cybercrime Magazine focuses on the critical role cyber threat intelligence (CTI) plays in an effective cybersecurity strategy. The series features CrowdStrike SVP of Intelligence Adam Meyers, a renowned expert in the field of cyber intelligence and a highly sought-after speaker. In this 12-part series, Meyers will cover a wide array of CTI topics ranging from how to build an effective threat intelligence practice to how adversaries and the threat landscape are evolving and what organizations can do to better protect themselves.
A new podcast will be released weekly, and the first three are available now. Here’s a quick summary of the first four podcasts and the lineup for the following episodes. Put them on your list!’
Meyers has long been considered a leading expert in the field of threat intelligence. In this first podcast to launch the series, he explains how his wide-ranging interests — from political science to epidemiology to computer science — and his work in both government and commercial organizations have contributed to his passion for and expertise in CTI. You’ll hear about the team of unmatched intelligence experts Meyers has built at CrowdStrike and how his team has evolved. He began with a mission to build government-quality intelligence for the private sector, focusing on nation-state adversaries, and the team soon evolved into tracking eCrime, hacktivism and recently, COVID-19-themed attacks.
Meyers discusses the importance of knowing the capabilities and intentions of cyber adversaries that are targeting your organization and industry. He stresses that staying ahead of today’s ever-evolving adversary groups is critical and can’t be accomplished without effective CTI. Ultimately, understanding as much as possible about the “who, what and how” of your attacker is key. Meyers says, “I think about trying to bring the right components of technology and the right information together to ensure that you can, if not prevent, then certainly very quickly detect an adversary as they make attempts to access your infrastructure.”
Meyers discusses the importance of keeping C-level executives and board members apprised of security and risk issues and offers recommendations on the best way to present CTI to them. He recommends starting with basic information that enables them to understand what’s going on and how it may impact the organization. He explains the importance of understanding what the C-suite wants to gain from the discussion. You must first ask, “Who is your audience? Who are you bringing this intelligence to, and what is your expected outcome? Because you need to really understand what they are hoping to get out of this information.” He feels this is particularly critical because many organizations try to figure out their return on investment for threat intelligence before they have defined what threat intelligence is to them and what their measurements of success are.
How CTI Helps Security Operations Center (SOC) Teams and Incident Response (IR)
The benefits that CTI offers to SOC and IR teams start with intelligence automation, which makes their jobs easier. Meyers discusses the importance of offering context and analysis to threats, giving teams a better perspective and understanding of each threat and its potential capabilities. Meyers believes that CTI can be particularly beneficial to investigations being conducted in real time: “If they’re dealing with an active incident where the adversary is still there, understanding how to properly mitigate that incident so as not to cause the adversary to do something that would be unexpected or perhaps disruptive or destructive is critical. It’s really a very important part of the IR side of things.”