Introduction. At Gate 15, our team focuses on risk management and organizational security and resilience, with unique expertise in threat analysis, operations and preparedness (planning, training, exercise and continuity) support. Recognizing that clients and partners require additional technology, services and capabilities to effectively manage their complete risk profile, our team partners with organizations that can enhance our competencies and which offer additional risk management resources that complement our capabilities. On the “About Us” page of this website, you’ll see some of our outstanding partners. In a five-part series, we’ll be posting updates with interviews with these partners to share more about what they do and how they can help organizations reduce their risk and enhance preparedness, security and resilience.
In a few sentences, can you describe generally how SurfWatch Labs and your products and solutions help your clients better understand the threat environment and how that ties into decreasing their risk?
Most of the threat intelligence feeds and solutions provide threat information, as opposed to intelligence, that has to be verified as being real, and then analyzed for relevancy and importance. The foundation of our intelligence gathering and delivery is that we’re automatically collecting cyber event data, standardizing that and verifying that the information is accurate. It’s all in plain English and broken down into who is behind the threat, what are they targeting, how are they carrying out that threat, and what is the impact. With this intel as the baseline we add human intelligence on top to personalize and contextualize the threat information based on your business profile, your supply chain and your industry. With that accurate, relevant and timely intel comes prescribed risk mitigation steps so it’s not only “here’s your problem” it’s “here’s your problem and here’s how to address it.”
I love that! I think that is how organizations go from noise to actionable threat intelligence. We’ve had SurfWatch Labs join our team on several webinars to talk about Deep and Dark Web threat intelligence. Those have been very well received and the team has shared great insights across the critical infrastructure threat landscape. As you’ve written about before, there is a lot of noise about threat intel and the deep and dark web. What distinguishes SurfWatch Labs from other solution providers?
In general, “threat intelligence” means different things to different people and vendors. We approach it from a practical standpoint. For example, our customers only want to know about threats that are relevant to their business. And they want to understand the impact of those threats so they can make proper risk management decisions. The next obvious question is if the identified threat could cause some level of impact, how can the customer address it. Most intelligence solutions just provide data that requires teams of expensive resources to make sense of and determine the proper course of action.
When it comes to Dark Web intelligence, we look at this as an important source, but just one of many sources of data. It really comes down to opening up the data collection aperture wide enough to make sure you don’t miss critical cyber events, but have the right processes in place to quickly filter out that noise and determine what is important to the customer.
Increasingly, in both cyber and physical security, leaders are finding the value of participating in collaborative information sharing networks, such as Information Sharing and Analysis Centers (ISACs) and Organizations (ISAOs). Can you explain how SurfWatch Labs can enhance collaborative information sharing?
While information sharing is always a good thing, the increase in ISACs and ISAOs does present a little bit of a challenge. The increase in sharing organizations creates a situation where users have different options available to them, with varying levels of costs and capabilities and it can be overwhelming to navigate. Now what if you could create your own private ISAO – a trusted information sharing group that you and your community define – with key stakeholders across your organization, your customers, partners, and vendors? If there is intel that could impact multiple folks and you could share different intel with different groups and vice versa, then there is real value because it’s not general intel, but specific to the stakeholders. SurfWatch provides the capability so that our customers can share the right intel with the right people. The bottom line here is that, from an intelligence program perspective, we prefer to advocate that you create your own private ISAC that is modeled off your organization’s needs. Then as a part of that effort, identify your capability gaps and pull in outside sharing entities that best close those gaps.
The idea of creating a trusted info sharing group, vs. joining a group that may be seeking to meet a community’s needs is a critical point. While both approaches can be successful, for an info sharing group to work, there has to be trust and buy-in. With SurfWatch, you provide that framework that can allow those groups to self-identify, organize and then execute info sharing activities in an effective environment. You’ve written quite a bit about threat intel and analysis – some great insights and perspective. If I were an organization just starting to develop or mature my threat awareness program, what advice would you give me?
Threat intelligence is a challenge as data collection, processing and analysis can quickly get out of hand and suck a large amount of resources. This is why many of our customers not only use our software, but also rely on our analyst team to help them create a personalized profile that we then monitor the threat landscape against, so that if there is a relevant threat identified, we tell them about it and provide as much context and practical guidance as we can. This allows the customer to take the finished intel and apply it to their security processes and ultimately ensure a better outcome – without needing to become an intelligence expert. So with all that said, I think the most important thing is to get a handle on your own environment in terms of risks. From there, knowing what’s coming is the next step. Before you bring in intel, you should determine what you want it to drive and how would it either fit in or change existing processes such as incident response, reporting to the board, fraud awareness, etc.?
If someone reading this post is curious for more information about your products and services, what’s the best way to get more information?
Our website has a lot of good resources and content, so I’d probably start there at www.surfwatchlabs.com. We also have a very well-written blog at blog.surfwatchlabs.com. For specific questions, I’d suggest sending an email to firstname.lastname@example.org or calling our main number 1.866.855.5444 and selecting the department you’re looking to reach.
Thank you, Adam! We always enjoy collaborating with the SurfWatch team and appreciate the capabilities and perspective you bring to enhancing effective information sharing and reducing organizational risk!