Geoff Brown, New York City's chief information security officer, says in a video interview that intelligence-driven security programs are the way to go.
For city governments balancing sensitive city data and essential digital services, threat intelligence is "absolutely critical," says New York City's chief information security officer.
Geoff Brown, whom Bill de Blasio tapped in August 2017 to lead the NYC Cyber Command, says his approach in the Big Apple uses technology to apply threat intelligence across the environment, and also uses the analysis of that threat intelligence to make decisions.
"I think understanding threat intelligence from a good analytical perspective, and the work a good analyst can do, allows someone like myself who has executive responsibilities to explain why we are investing in improvements in certain areas that might cover critical services," Brown says in a video interview from FireEye's Cyber Threat Intelligence Forum, produced by CyberScoop and FedScoop.
Brown also weighed in on how the cybersecurity industry is changing – from one that's reactive into one that uses technical tools to analyze and detect patterns in a way that enables leadership to sift through the barrage of standard attacks and focus on what should be prioritized.
"It is highly reactive — when you think of an alert or a light that turns from green to red, but to a certain extent, with threat intelligence, you have now the ability to take the platform that was observed," Brown says. "[Threat intelligence] allows me to highlight [cyber threats] based on what's going on in the wild."
Threat intelligence, Brown says, also enables security operations centers to study "the art" of cyberthreats, which can help streamline and improve run-time operations.
By applying that threat intelligence not just in the security operations center, but across their entire environments, cybersecurity leaders have the opportunity to reduce the risk facing their organizations, Brown says.
"I think to a certain extent that threat intelligence allows you to have a high degree of confidence — technical machine confidence — that a bad behavior is bad enough that it should be contained automatically at the speed of hte attack," Brown says. "Taking the traditional analyst approach to threat intelligence is also important because it allows your operation to mature over time. It allows those individuals that you're investing in with your organization to get better and better motivated at all the great work they do."
This video was produced as a part of FireEye's Cyber Threat Intelligence Forum on May 31, 2018.