Spotlight Podcast: Are you ready for Threat Reconnaissance?

In this Spotlight episode of the Security Ledger podcast, I interview David Monnier, the CIO and Chief Evangelist at the firm Team Cymru (pron. kum–ree) about the evolution of the threat intelligence space and the growing need for what Team Cymru calls “Threat Reconnaissance,” a process for leveraging organization-specific threat intel to help root out and neutralize malicious campaigns targeting an organization. [MP3] [Video] [Transcript] “Cyber threat intelligence” is a phrase that refers to data compiled on the activities, tools and capabilities of malicious cyber actors. And it’s a big business. By one estimate, the global threat intelligence market was valued at USD $4.24 billion in 2022 and is projected to grow to $18.11 billion by 2030.  These days, most security teams consume multiple threat intelligence feeds to help them make sense of the threat landscape and spot risks to their organization – IT assets, networks, data. But making threat intelligence actionable is another matter. After all, knowing that a ransomware group or state sponsored actor is targeting your industry is different from knowing that they’re targeting your company specifically. And, absent specific information about threats to your organization and the ability to act on that information, threat intelligence feeds can simply add noise to an already noisy SOC.  A better approach is what our next guest calls “threat reconnaissance” – the application of threat intelligence to hunt down and neutralize looming or active threats that target your organization. But how does a security team move from simply consuming threat intelligence, to operationalizing it and conducting threat reconnaissance? In this Spotlight Edition of the podcast, I’m joined by David Monnier, the CIO and Chief Evangelist at the firm Team Cymru to talk about his company’s work to evolve threat intelligence from merely curated feeds relevant to a specific industry or sector, to tailored feeds that highlight active or evolving threats specific to an organization. The key, Monnier explained, is to gather threat intelligence that is actionable and then leverage it to expose the workings of cyber adversaries targeting your organization – the command and control (C2) infrastructure they rely on, the employees they target, and so on. “A hotel chain doesn’t have the same adversaries pursuing it as someone at home nor as say a defense contractor. They all have different adversaries. And really, you need to have intelligence that’s catered,” Monnier told me. In this conversation, David and I talk about the drive towards threat reconnaissance and the evolution in threats and threat actors – in particular the economics driving and explosion in cyber crime and what Monnier calls “miscreancy” over the past three decades. To start off our conversation, I asked David to fill us in on his long tenure in the cyber security community, which stretches back to the mid 1990s and the more recent work he’s focused on at Team Cymru. Video Interview