Naming malware: What’s in a name?

By Mark Arena, CEO of Intel 471. This week’s incident with Petya/NotPetya/GoldenEye/Nyetya/Petrwrap has reignited the debate about how security companies name malware. In my opinion, the security industry’s use of different names for the same thing isn’t good for either customers or the industry at large, and it’s something that could be solved without too…

Being a cyber threat intelligence analyst and operating in the fog of uncertainty

By Mark Arena, CEO of Intel 471. A lot has been said, blogged and marketed on WannaCry ransomware with many pointing fingers at who they think might be behind it. The objective of this blog isn’t to critique, support or disprove any specific hypothesis. The goal is to highlight what it means to be a…

Who hacked the Democratic National Committee?

By Mark Arena, CEO of Intel 471. Who hacked the Democratic National Committee? I’ll preface this post by saying that I possess no information on this incident beyond what has been mentioned in open sources. This post is my personal opinion and is based on my experience researching and tracking both state and non-state cyber…

Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the security industry mostly appears to take the view that indicators of compromise (IOCs) are the best approach to initiate/drive the intelligence process. If we take a step back and look at traditional intelligence concepts, we will find the following definition…

Cyber threat intelligence requirements: What are they, what are they for and how do they fit in the…

By Mark Arena, CEO of Intel 471. There are many definitions of what is an intelligence requirement but the definition to me that is most accurate is: “Any subject, general or specific, upon which there is a need for the collection of information, or the production of intelligence.” Ref: http://www.thefreedictionary.com/intelligence+requirement With the above definition I want…

Cyber threat intelligence: Why should I be worried about threats that aren’t specifically…

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the big question that comes to mind when evaluating intelligence or intelligence collection, external from a vendor or internally generated, is whether it is relevant to me and my organization. If you read my previous posts, you would have seen that…