Staying ahead of advanced threats with ThreatQuotient

Threat Intelligence interview
In an interview with Rahul Raj, Chris Jacob, Global Vice President of Threat Intelligence Engineering at ThreatQuotient, emphasized the importance of network segmentation, rapid mitigation, and a comprehensive understanding of the threat landscape for staying ahead of advanced threats. He hopes that XDR (extended detection and response) will become a reality, because the more disparate systems are integrated and cross-team intelligence is injected into them, the more effective a company's security posture will be.
The number of cyber-attacks and security breaches affecting the IT industry is expected to keep rising in the coming years, with attackers targeting sensitive information held by financial institutions and IT firms. To protect their infrastructure and data, many large organizations are deploying threat intelligence management platforms.
Chris Jacob is ThreatQuotient's Global Vice President of Threat Intelligence Engineering. Chris has nearly 20 years of experience in information security, beginning with his time as a Marine Corps Battalion Information Systems Coordinator. Chris previously held executive positions at Sourcefire, Fidelis Cybersecurity, and Webroot.
Rahul: With the threat landscape expanding and evolving, how do you recommend enterprises protect against sophisticated threats with fully integrated layered solutions?
Chris: “What needs to be done in response is heightened communication and collaboration across teams. This collaboration needs to happen much faster than email, messaging, or even face-to-face communication between teams. It needs to happen at the speed of an organization’s security tools.
Going forward, more pressure is going to be put on Cyber Threat Intelligence (CTI) teams to prove a return on investment. Leaders within these teams need to learn how to market their work and celebrate success up to the C-Suite. Additionally, I hope to see XDR (extended detection and response) emerge as a reality. I'm not talking about an XDR "product" but more as an overall concept. The more we can integrate disparate systems and inject cross-team intelligence, the more effective a company's security posture will be."
Rahul: How should security experts go about simplifying complex policies, and how does your company assist security experts in accomplishing this?
Chris: "With the shortage of security personnel, automation has become a key strategy to offload repetitive tasks and empower humans to conduct advanced security operations more efficiently. Extended detection and response (XDR) is one way to simplify complex policies and automate across disparate systems and sources that each talk in their own language and format. For years, if not decades, organizations have been investing in security solutions that focus on individual areas. These technologies are often best-of-breed, but even if they are effective in the intended area, they inherently create silos of information. The promise of XDR is to eliminate this compartmentalization of information and allow all systems to have access to the same data. Because each system is participating, this data continues to be refined, resulting in a higher fidelity of intelligence.
From the beginning, ThreatQuotient set out to build a tool to make security more manageable and proactive, enabling customers to have more efficient and effective security operations. We continue to focus on innovation to drive companies towards the SOC of the future: focusing on data management and data analytics; leveraging our open integration architecture to enable data to flow across all systems; and providing the right balance between automating workflows and empowering security analysts to investigate, make better decisions and take action faster.
ThreatQuotient recently announced a new version of ThreatQ TDR Orchestrator – a simplified, data-driven approach to security operations. Built on the ThreatQ Platform, ThreatQ TDR Orchestrator provides security automation solutions that are easier to use, cheaper than traditional SOAR/automation tools, and learn over time. ThreatQ’s no-code, data-driven approach also means that anyone with business context can understand and maintain workflows, making teams nimbler and more resilient.”
Rahul: What actions do you recommend enterprises take to manage endpoint security across the organization?
Chris: "The place to start is with good endpoint policies and a device management solution that enforces those policies. The devil is in the details here, however, since one of the largest risks to endpoint security is created when users look for creative workarounds to get their jobs done. Policy creators need to work with the business units to understand workflows and use cases. This will help them craft security policies that achieve security without negatively impacting business needs.
The next area to explore is arming Endpoint Detection & Response (EDR) systems with up-to-date and relevant intelligence to work with. This is a joint effort between the Threat Intelligence team and the operations team responsible for the EDR solution. The most effective approach is to automate this step as much as possible with bi-directional integrations that allow the Intel team to learn from what the EDR is actually seeing and responding to."
Rahul: Given the rapidity at which malware infiltrates infrastructure, how can organizations speed up their threat mitigation efforts?
Chris: “First and foremost, slow the spread of infection through segmentation. Networks should be logically segmented to decrease the ability of a threat actor to move laterally throughout the infrastructure. This also allows administrators to disconnect smaller portions of the network to allow unaffected groups to continue to work during the containment/mitigation phase.

The next key factor for quick mitigation is frequent offsite backups. While this would seem to fall in the restoration phase, the confidence of uninfected backups allows the incident response group to more quickly “pull the plug” on the network segments that appear impacted by the attack.

The Threat Intelligence Team must maintain a proper Threat Library, a full understanding of the threats an organization faces, to arm the incident response team with the pieces of information they need to get started on a proper containment and mitigation effort. Integration between the Threat Library and the security infrastructure can help automate much of this work, such as blocking hashes via EDR, feeding IOCs of interest to the SIEM, etc.”
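As an added illustration, not code from the interview or from ThreatQuotient, the following Python sketch shows the two integrations described above in the endpoint and mitigation answers: a threat library is matched against EDR and proxy log lines to raise SIEM-style alerts and to derive a hash block list for the EDR, and every hit is written back into the library as a sighting, which is the EDR-to-intel direction of a bi-directional integration. The key=value log schema, the indicator values (hashes of made-up strings, a TEST-NET-3 address, a .test domain), the scores and the adversary labels are all constructed for the example.

```python
"""Threat library -> SIEM/EDR integration sketch (added example, not vendor code)."""
import hashlib
import re
from dataclasses import dataclass, field

# Synthetic indicators: hashes of made-up strings, an IP from the TEST-NET-3
# documentation range and a .test domain, so nothing here is a real IOC.
DROPPER_HASH = hashlib.sha256(b"constructed-sample-dropper.exe").hexdigest()
LOADER_HASH = hashlib.sha256(b"constructed-sample-loader.dll").hexdigest()


@dataclass
class Indicator:
    ioc_type: str                 # "sha256", "ip" or "domain"
    value: str                    # stored lower-case so lookups are case-insensitive
    score: int                    # analyst-assigned confidence/severity 0-100 (made up)
    adversary: str                # constructed attribution label
    sightings: int = 0            # filled in by feedback from EDR/proxy telemetry
    seen_on: set = field(default_factory=set)


def build_library():
    """The 'Threat Library', keyed by (type, value) for a direct lookup per log field."""
    return {
        ("sha256", DROPPER_HASH): Indicator("sha256", DROPPER_HASH, 55, "constructed-actor-A"),
        ("sha256", LOADER_HASH): Indicator("sha256", LOADER_HASH, 95, "constructed-actor-A"),
        ("ip", "203.0.113.45"): Indicator("ip", "203.0.113.45", 75, "constructed-actor-A"),
        ("domain", "updates.bad-example.test"): Indicator(
            "domain", "updates.bad-example.test", 60, "constructed-actor-B"),
    }


THREAT_LIBRARY = build_library()

# Assumed log schema: which key=value field carries which indicator type.
FIELD_TO_TYPE = {"sha256": "sha256", "dst": "ip", "domain": "domain"}

# Constructed EDR and proxy events in a simple key=value format (quoted values allowed).
SAMPLE_LOGS = [
    f'ts=2024-05-01T10:00:00Z source=edr host=ws-17 event=process_start '
    f'sha256={DROPPER_HASH.upper()} path="C:\\Users\\a\\Downloads\\invoice.exe"',
    "ts=2024-05-01T10:00:05Z source=proxy host=ws-17 dst=203.0.113.45 "
    "domain=updates.bad-example.test bytes_out=51200",
    "ts=2024-05-01T10:01:00Z source=proxy host=ws-22 dst=198.51.100.7 "
    "domain=example.org bytes_out=1200",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def match_library(lines, library=THREAT_LIBRARY):
    """Match each log field against the library and return SIEM-style alerts.

    Every hit is also written back into the library (sightings, hosts): the
    EDR -> intel direction of the bi-directional integration.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        for fld, ioc_type in FIELD_TO_TYPE.items():
            val = ev.get(fld)
            if val is None:
                continue
            ind = library.get((ioc_type, val.lower()))
            if ind is None:
                continue
            ind.sightings += 1
            ind.seen_on.add(ev.get("host", "unknown"))
            alerts.append({
                "ts": ev.get("ts"), "source": ev.get("source"), "host": ev.get("host"),
                "ioc_type": ioc_type, "value": ind.value,
                "score": ind.score, "adversary": ind.adversary,
            })
    return alerts


def edr_block_list(library=THREAT_LIBRARY, min_score=80):
    """Hashes to push to the EDR as block rules: high-confidence ones, plus any
    hash the environment has actually seen, whatever its original score."""
    return sorted(ind.value for (t, _), ind in library.items()
                  if t == "sha256" and (ind.score >= min_score or ind.sightings > 0))


if __name__ == "__main__":
    for a in match_library(SAMPLE_LOGS):
        print(f"ALERT {a['ts']} {a['host']} {a['ioc_type']}={a['value']} "
              f"score={a['score']} actor={a['adversary']}")
    print("EDR block list:", edr_block_list())
```

Running it yields three alerts (the dropper hash on ws-17, then the IP and domain from the same host's proxy traffic) and a block list of two hashes: the loader by score alone, and the dropper only because it was sighted, which is the point of letting EDR telemetry flow back into the library.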

Rahul: What are your predictions for threat intelligence trends? And how do you recommend organizations keep up with and deal with them?

Chris: "Threat actors will continue to become faster and more sophisticated in their tactics, techniques, and procedures. The ease with which ransomware can be monetized puts all companies at risk and will continue to be a challenge. The attack surface will also continue to grow as a result of cloud, remote workers and an increasingly digital supply chain.

My team believes that all data, not just threat data, is security data, and this provides context to help security teams make the best decisions and take the right actions. Much of this data comes through integrations, so any solution to enable the security operations center (SOC) of the future must be built on an open integration architecture that can bring in third-party data, intelligence feeds, and internal data, and send out relevant data to drive actions and response. Finally, balanced automation is essential, with automation and analysts in a symbiotic relationship where both are empowered by data."