
Saturday, 30 Jan , 2016

Norse Corp’s Implosion & Threat Intelligence Reality

Norse Corp is in trouble – Just a company-specific blow, or raising bigger questions about threat intelligence value?

Today Brian Krebs quoted sources who say Norse Corp is in serious trouble, to the point where an emergency buyout by CloudFlare has reportedly been put in motion. Underlying causes appear to include an inability (or unwillingness) to develop new, practically useful products from their flagship threat-data-gathering offerings, plus some questions about the credibility of the threat data itself. The leadership team at Norse also allegedly has a less than impressive history of business management, but could this be more than a tech firm meltdown? Could it be signposting an industry-wide and fundamental disconnect between threat intelligence products and fulfilling real business risk reduction needs?
Robert M Lee has written an essential counterpart to the questions likely to be raised about the threat intelligence industry as a whole. In it he highlights the fundamental difference between Threat Data and Threat Intel, noting that Norse largely dealt in the former, whereas other firms, more aptly calling themselves Threat Intel outfits, deal diligently in the latter.
No, Norse is Not a Bellwether of the Threat Intel Industry, but Hold Lessons Learned 
And here Steve Ragan offers to put you in touch with Norse employees now on the job market. It’s important not to bomb their careers based on negatives you might currently be feeling about the firm.
Having said all that, even if you buy in intelligence, rather than just data, it’s vital you understand local context to gain advertised value. On Independence Day 2014 I wrote the below article (prompted by Norse’s newly unveiled IPViking Live Threat Map), to specifically address that question of context. In it I work hard to draw out the real day-job effect and risk mitigation value of both Norse’s map and threat intelligence in general. My main conclusion was that value derives from ability to relate delivered intel to your organisation’s risk profile, high value assets, and distributed IT estate.
That might sound utterly obvious, but if it weren’t such a challenge (a challenge companies rarely tackle with sufficient expertise, time, and money), perhaps Norse wouldn’t be where they currently find themselves.

Dynamic Cyber Threat Intelligence – Pretty, But Potentially Pointless

Excerpt from the article first published July 4, 2014 by Information Security Buzz and reproduced in full today on Peerlyst
You won’t often find me writing something prompted by a specific product, in this case IPViking Live Threat Map, but it was too fascinating not to.

June 2014 was arguably the month of Threat Intelligence (TI). Microsoft, Symantec and GCHQ have all been shouting about new tools or resources: things that give better or more joined-up sight of global cyber threats (no doubt heralding complementary consultancy offerings from just about everyone).
Decent, dynamic threat intelligence is indisputably a critical ingredient when trying to thrash out your real level of cyber risk. It’s also pretty handy when you pitch for budget to fix existing vulnerabilities, buy new tools and/or cyber insure.
On 19th June, Business Daily looked at a survey by Checkpoint (who have their own TI offering). 140 InfoSec professionals were questioned and called out widespread problems identifying and mitigating attacks. This was put down, in large part, to a lack of useful threat intelligence.
“The gap between attack sophistication and available threat intelligence meant 31% of respondents said their organisation had suffered up to 20 successful attacks in the past 12 months – while 34% were unable to say exactly how many they had fallen victim to”
In this case study Norse tell us how IPViking detected over 100 TOR exit nodes used to attempt over $400k worth of fraudulent transactions via a political campaign’s fundraising website. When the so-called “bad actors” were identified, they were blocked and the fraud was prevented.
So, before folk bring you stats and pretty graphics – like the “WOW” stuff from Norse – and get your senior budget holders properly excited, how do you prepare to balance out the hype? It’s lovely to have more risk data, but are you ready to use it? Can you translate it into meaningful security ‘to do’ lists?
Not an easy question to answer.
As a starter for 10, the following are ways threat intelligence is expected to inform your security stance and security response, put together from various sources;

If you would like to read on, the rest of the original post is reproduced in full on Peerlyst
