The Threat Intelligence Ecosystem

Chris Hurst, Stabilitas
Sep 13, 2017
Ecosystems are defined by their interactions. Threat intelligence and security operations teams can reach peak performance when technology and people interact as a system.

You’re an intel analyst at a Fortune 2000 firm. You’ve got a DoS, military, police, or FBI background — or at least you’ve spent some serious time working on security in some other capacity. You’ve brought your training and experience to the private sector. You’re now responsible for alerting your firm when physical security incidents impact your people, operations, supply chain nodes, or facilities. Perhaps you’re also responsible for crisis management and business continuity. Your GSOC may be humming along — with teams responsible for detection, analysis and response — or you may be alone, a “virtual GSOC.”

Over the past four years, we’ve interviewed hundreds of security professionals who fit this description. And they all describe a single problem. Conflicting tech solutions and the lack of coordination between critical actors stem from a single factor: silos.

During the last Hurricane response, we had 15 different browser windows open, trying to manage our response. It was a mess trying to coordinate incoming information, figure out what’s relevant, and get the word out to the right people. My people on the ground knew critical information I didn’t know — and vice versa. And when I needed to coordinate response, I had a hell of a time keeping track of my people and vehicles. Worst, my intel vendors were continually throwing sh*t over the fence at me, but only some of it was relevant. In the whirlwind, it felt like a ‘cluster.’

Ops Center, Response Team

All businesses must address silos. For crisis management, security, and intel analysis, the stakes are higher.

Security technologies and services like travel risk management, intel gathering and analysis, and mass notifications have traditionally existed as silo’d services. Often, they need complex integration to work “synergistically” — or they just don’t work, period. If one weak link fails, the chain breaks. An otherwise effective response turns into chaos.

Unfortunately, it’s not just technologies that have struggled from inefficient, ineffective, or non-existent integration. People have not been integrated, either:

  • A threat analyst wasn’t notified that a group of travelers from her firm were in Barcelona during the attack, because the travelers’ itineraries changed. The travelers missed the warning and were unnecessarily at risk. The security team lost credibility.
  • An Ops Center responding to the 2016 explosions at the Brussels Airport with a mass notification to 1,500 people wasn’t updated on the follow-on attack on the Maalbeek Metro Station. The notifications were sent without critical advice, and employees weren’t adequately protected.

Security professionals have traditionally been silo’d for many reasons. Sometimes, their silo’d roles reflected the limitations of their tech. Other times, they didn’t have an efficient way to communicate during crises. Silos cost time. Silos risk human safety. Silos are the enemy of ROI.

Enter The Threat Intelligence Ecosystem.

The Threat Intelligence Ecosystem integrates disparate technologies into a single platform — enabling security professionals to collaborate on incident avoidance, detection, and response. This communicative interaction isn’t just a “nice thing to do” for security professionals. It’s critical for the employees under their protection. And it directly benefits them because they gain access to previously silo’d information and systems — information that could make the difference in an emergency. Consider the definition of an ecosystem:

“An ecosystem is a community of living organisms in conjunction with the nonliving components of their environment, interacting as a system. An ecosystem is linked together. Ecosystems are defined by the network of interactions among organisms, and between organisms and their environment.” — Wikipedia

So what exactly is the Threat Intelligence Ecosystem? From our DoD backgrounds, we know that the best security teams interact as a system. Security teams operate at their highest levels when they operate as an ecosystem, when:

  • People interact with others, as a system.
  • People interact with tech, as a system.
  • Tech interacts with tech, as a system.
  • Teams interact with teams, as a system of systems.

Here’s what that means for threat intelligence, incident detection, notification, and response:

  • For sufficient incident detection, multiple intelligence sources must be integrated. This includes online news and social media, and sometimes, local police data or other streams. It means human analysts and machine-driven analysis working in concert.
  • Incident detection can’t just end with an email to your GSOC that “a terror incident happened.” Smart alerts should show you — and your stakeholders — exactly how the incident affects your organization.
  • Emergency Mass Notifications are seamlessly tied to incoming intelligence. This saves critical time and helps ensure the right notifications are sent to the right people.
  • For employees abroad — whether traveler or expat — the employee and the security team are notified within seconds of a security incident. When necessary, the embassy is notified of the risk to the employee. Help is notified.
  • Unlike traditional mass notification systems, the threat intelligence ecosystem uses two-way channels (think “Waze”) so any employee on the ground can update security analysts in the office and vice versa. Additionally, state-of-the-art A.I. sifts through massive amounts of real-time data on the web. It is this combination of human intelligence augmented with machine learning that achieves an enhanced threat awareness with an analytical power far greater than any team of human security managers manually pulling and sorting data.
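As an added illustration (not code from this post or from Stabilitas), the Python sketch below walks the chain the list above describes: reports from several feeds are merged into one incident, that incident is correlated against people and facilities using the latest two-way check-in rather than the planned itinerary (the Barcelona failure mode), and the result is a targeted alert naming who is affected and who must be notified instead of a generic “a terror incident happened” email. All names, contacts, coordinates and feed values are constructed, and the 1 km dedupe radius and haversine distance matching are assumptions of this example.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

@dataclass(frozen=True)
class Asset:
    name: str
    kind: str              # "traveler", "facility", "supplier"
    contact: str
    planned: tuple         # (lat, lon) from the itinerary or site register
    checkin: tuple = None  # (lat, lon) from the latest two-way app check-in, if any
    def position(self):
        return self.checkin or self.planned  # ground truth beats the itinerary

def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def merge_reports(reports, dedupe_km=1.0):
    # Same kind within dedupe_km of an existing incident -> one incident, all sources kept
    merged = []
    for src, kind, lat, lon, radius in reports:
        for m in merged:
            if m["kind"] == kind and haversine_km((m["lat"], m["lon"]), (lat, lon)) <= dedupe_km:
                m["sources"].add(src)
                m["radius_km"] = max(m["radius_km"], radius)
                break
        else:
            merged.append({"kind": kind, "lat": lat, "lon": lon, "radius_km": radius, "sources": {src}})
    return merged

def build_alert(incident, assets):
    # Targeted alert: which assets sit inside the affected area and who gets notified
    center = (incident["lat"], incident["lon"])
    hit = [a for a in assets if haversine_km(center, a.position()) <= incident["radius_km"]]
    return {"kind": incident["kind"], "sources": sorted(incident["sources"]),
            "affected": [f"{a.kind}:{a.name}" for a in hit],
            "notify": sorted({a.contact for a in hit})}

# Constructed sample feed: (source, kind, lat, lon, radius_km); coordinates are approximate
REPORTS = [
    ("news", "vehicle-attack", 41.3797, 2.1746, 2.0),
    ("social", "vehicle-attack", 41.3810, 2.1730, 1.0),
    ("police", "road-closure", 40.4168, -3.7038, 0.5),
]
ASSETS = [  # alice's itinerary says Madrid, but her latest check-in is Barcelona
    Asset("alice", "traveler", "alice@example.com", (40.4168, -3.7038), (41.3850, 2.1700)),
    Asset("bob", "traveler", "bob@example.com", (40.4168, -3.7038)),
    Asset("lisbon-office", "facility", "gsoc@example.com", (38.7223, -9.1393)),
]

def alerts(reports=REPORTS, assets=ASSETS):
    return [build_alert(i, assets) for i in merge_reports(reports)]
```

Running `alerts()` yields one merged vehicle-attack incident that notifies only alice (her check-in, not her itinerary, places her inside the radius) and a separate Madrid road-closure that reaches only bob.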

We’ve been there.

The Stabilitas team is made up of former military officers, A.I. researchers, data scientists and engineers. However, the real power of the platform is its network of users. This further sets Stabilitas apart: it combines a complete suite of threat-management tools into a single, easy-to-use platform by connecting people and integrating technology in a totally streamlined network.

Stabilitas allows security teams to securely communicate with their employees directly and with fellow trusted, selected industry professionals in other operations centers. They can discuss preparations, incidents, response, and best practices — all with geo-relevancy down to the street level. This means an employee at Firm A can report an incident; the security team at Firm A can validate, and share with their trusted counterparts at Firms B, C, and D. Critical information is thus delivered to the security teams and impacted employees of multiple firms — in seconds. Best, for a limited time, the app can be downloaded for free by anyone with a smartphone. Stabilitas brings every employee situational awareness and an advanced level of protection.

If you’d like to find out more, set up a time to meet our founders at ASIS 2017 in Dallas at https://calendly.com/chris-stabilitas/20min/.

Chris Hurst
Stabilitas

Entrepreneur: Tech for Physical Security; Army Vet; Humanitarian Risk Manager. Spent my 20s and early 30s working abroad. Loves Tech, Econ, Policy, Development