Ready Your Defenses By Operationalizing Threat Intelligence: Nick Lantuh, CEO of Interpres

Interpres Security was recently named to the Enterprise Security Tech Cyber Top 20, which recognizes cybersecurity companies providing the most value to the market. We spoke with Nick Lantuh, CEO of Interpres Security, about the importance of operationalizing threat intelligence and how the company is helping organizations improve their overall threat exposure:

Nick Lantuh, CEO of Interpres Security

First off, what does it mean to operationalize threat intelligence?

When we talk about operationalizing threat intelligence, what we really mean is understanding the context of the threat in relation to our defensive capabilities. Can we take threat intelligence, vulnerability intelligence and defensive controls and put an analytic around them to make sure that we are best positioned to defend against the threat?


What are the biggest challenges organizations are facing today, when it comes to improving their defensive posture?

There are two related challenges: understanding Defensive Readiness and automation. Most organizations, when they engage in proof positive or proof negative scenarios (i.e. are we at risk to X threat), engage in a paper exercise of mapping controls to advisories or news reports or some other RFI from the board of directors. The ability to holistically understand how the security controls work in coordination to prevent, detect and respond to a given threat is the key to understanding their defensive posture. The lack of automation means that organizations take anywhere from 4-6 weeks to try to determine if their defensive posture is sufficient even before moving into the remediation phase. Or they spend an inordinate amount of resources every day attempting to measure their defensive controls and trying to overcome security entropy within their controls.

Can you offer a recent example with either the MoveIT attacks or Volt Typhoon? How can organizations prepare for these types of attacks?

One of our design partners, a Fortune 100 company with 80 BISO units, was able to assess their defensive posture against the MoveIT vulnerability within 1 hour – down from 4-6 weeks. Their Global CISO said that “Interpres saved us from certain catastrophe. The ability to ingest TTP-based threat reporting, filter that through an organization’s unique threat profile and monitor the state between the result and the company's unique defensive posture is what makes Interpres special.


How does Interpres help organizations improve their overall threat exposure?

Interpres helps a company focus on the threats that matter the most. Our automated analytical platform uses TTP-based intelligence to create an integration layer of existing cybersecurity products in the company’s ecosystem. Then it monitors the relationship between threat, vulnerabilities and defensive controls. Interpres gives you the Who, How, and Where the adversary is going to attack as well as your ability to protect, detect and respond. Interpres maintains constant measurement of this relationship, i.e. your threat exposure.


What are the main benefits of Interpres’ platform? How does automation provide defense readiness?

Automation fueled by deep innovative analytics is the only way to stay ahead of the changing environment within a company’s network. Consider that a normal enterprise network is constantly changing while under constant attacks. Vulnerabilities number in the 10s of thousands, yet only 2-7% are actively exploited. Controls are enabled and disabled due to security entropy as cybersecurity products are pushing new capabilities. SOC and IT teams are under constant pressure to measure the AS-IS, let alone work toward the TO-BE. Interpres maintains the state of the relationship of the AS-IS along with the TTPs of the adversary. It then recommends the right TO-BE actions to improve overall readiness.


What steps can organizations take right now to improve their defense readiness?

Schedule a demo with Interpres! Organizations need to embrace the reality that networks are systems in constant flux. The key is how to continuously monitor that rate of change and understand the relationship between adversary TTPs and that rate of change. This is the seam that adversaries are using. An organization that wants to increase their defensive readiness needs to move toward continuous threat exposure management – constantly analyzing the relationship between their unique threat, vulnerabilities and their unique defensive controls.