James Chappell, co-founder and CTO of Digital Shadows, knows what large enterprises need to stay protected. He introduced the concept of cyber situational awareness, an all-encompassing take on threat intelligence as it pertains to each customer.
“Our clients are interested in what’s going on around them,” said Chappell. “They want to know what tactics are being used around them and what they should do to align their defenses.”
Chappell recently sat down with Richard Stiennon for an in-depth interview during the 2016 RSA Conference in San Francisco. He provided a unique take on threat intelligence and explained how his company serves its clients.
“The term ‘situational awareness’ comes from the military,” said Chappell. “Just as you might imagine a general stood on top of a hill with a pair of binoculars, trying to work out where to place his assets in the field, and to work out what’s going to come over the horizon at those assets. That’s a good way to look at how you defend a business.”
Chappell described threat intelligence as being an “overloaded term” that “means a lot of different things to a lot of different people.”
“Part of the market is about data feeds and has some value,” he said. “You can reconfigure the network in response to those.”
No enterprise is afforded the luxury of infinite resources. Chappell understands that every business must figure out how to implement those resources to the best effect, and to do it in a way that’s tailored toward each company’s individual situation.
“If you place yourself in the shoes of an attacker, look at your infrastructure as an attacker would, and then look at the changes in behavior over time, you’re going to learn a lot more,” Chappell explained. “So it’s more context-based — looking at tactics and motivations — and then looking at your own assets within the context of those threats.”
Security breaches are more common and more publicized than ever before. Unfortunately, it could be a while before the situation changes.
“I think we’re working in a much more complicated world,” said Chappell. “Our reliance on technology is going up, it’s not going down. Because of that we’re seeing much more complexity in the attacks.”
In the old days, hackers would initiate DDoS attacks and deface company websites. Now hacktivists steal data and publish it online.
“2015 was the year of extortion, right?” Chappell questioned. “[In] 2016, it doesn’t look like that trend is going to stop.”
If anything, Chappell said hackers have proven that extortion has become a “business model,” ensuring it will continue.
As far as the company’s history is concerned, Chappell said that Digital Shadows is “very fortunate” to have started out in the financial services sector.
“We did a lot of work early on with Tier 1 banks because they were early adopters of this technology,” he said. “We have actually broadened out much further than this, so now we work with large supermarkets, we work with energy companies, utilities, pretty much anyone in a larger enterprise who’s got a job of defending an infrastructure from a variety of attacks.”