January 12, 2021

Episode 114 - The Good, Bad, and Ugly of Threat Intelligence with Patrick Coughlin

by Hacker Valley Studio

January 12, 2021

Episode 114 - The Good, Bad, and Ugly of Threat Intelligence with Patrick Coughlin

by Hacker Valley Studio

Show Notes

In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview Patrick Coughlin, Co-Founder and CEO of TruSTAR. Patrick began his career as a security analyst in Washington D.C. and the middle east. By working with government contractors, multinational corporations, and counter-terrorism units, Patrick learned that the biggest challenge that security analysts have is retrieving the needed information from disparate data sources. This discovery led Patrick to founding TruStar. Patrick’s focus is to help organizations automate the collection and curation of threat intelligence data.

Patrick’s analytical prowess originated from working at Booz Allen Hamilton where he learned a fundamental skill that all cybersecurity analysts should have - how to put together a slide deck. This skill helped Patrick articulate the importance of threat intelligence to leaders in the government and private sector. 

As the episode progresses, Patrick details the differences between threat intelligence requirements for national security and enterprise. For enterprise threat intelligence programs, the goal is to accelerate automation of detection and rarely attribution. Patrick also mentions automation is only as effective as the data is cleaned, normalized, and prioritized. 

What about the good, bad, and ugly of threat intelligence? Patrick describes that an organization can thrive by leveraging internal intelligence. This can be overlooked when organizations are fixated on buying threat data feeds and subscribing to ISAC feeds. Most enterprise organizations have a detection and response stack that is constantly providing information about threats relevant to their organization - which serves as great threat intelligence data.

Chris and Ron ask Patrick about the science vs art aspects of cybersecurity and threat intelligence. Patrick describes that there is room for both art and science in threat intelligence. While new concepts are being discovered, there is art in finding the needle in the haystack. However, at some point, intuition can be described into steps that a machine can repeat. For example, after years of analytical practice an analyst can describe how and why they are tagging threat intelligence related data in such a way that can be repeated by other analysts or automation. 

This episode covers an abundance of tactics and techniques for threat intelligence analysts. Patrick describes the best place to begin automating threat intelligence is detection. An analyst can ask the question, “How do I get sources of known bad indicators into my detection stack so that I could drive high fidelity detections?”. As false positives decrease, your mean time to detection (MTTD) and resolution (MTTR) decrease which makes your threat intelligence and security operation team members more effective.

 

0:00 - Intro

1:53 - This episode features Patrick Coughlin, Co-Founder and CEO of TruSTAR

2:30 - Patrick’s background and start as a security analyst

5:19 - How to automate threat intelligence while reducing analyst fatigue

7:05 - How Patrick cultivated his analyst prowess

8:43 - Articulating threat intelligence to government and enterprise organizations

11:09 - Can a threat intelligence program be automated?

17:21 - Patrick’s experience of “good” and “bad” threat intelligence programs

20:31 - Logic vs Intuition in threat intelligence

27:04 - Artificial Intelligence and Machine Learning to make threat intelligence decisions

28:42 - Where to start when automating threat intelligence

30:02 - How to stay in touch with Patrick Coughlin

 

Links: 

Connect with Patrick Coughlin on LinkedIn

Link to Patrick’s company TruSTAR

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor ByteChek

Take our FREE course for building threat intelligence programs by visiting www.hackervalley.com/easy

Read more

Listen Now

00:00:00

Recent Episodes

September 19, 2023
by Hacker Valley Studio

It’s a classic technologist conundrum: Should I build or buy the solution I need to solve a problem? The “Build vs. Buy” conundrum is faced by technology teams worldwide. To help approach this riddle, Chris Cochran speaks to two industry veterans, Sl...

September 12, 2023
by Hacker Valley Studio

Embrace the AI Revolution in Cybersecurity! Ron Eddings explores the dynamic world of AI, from cybersecurity automation to anomaly detection. Learn how AI is being used by practitioners and creators to stay one step ahead of the adversary and the com...

September 5, 2023
by Hacker Valley Studio

For this week's episode, we brought back a fan favorite Security Teams Can't Do It All. This episode features guest Rob Wood, CISO at CMS, who discusses the challenges of data silos in the workplace and the importance of supportive leadership.   Link...

August 29, 2023
by Hacker Valley Studio

In this episode, host Ron is joined by the CISO at Corvus Insurance, Jason Rebholz, to talk about the life of being a cybersecurity content creator. From his drive to create cyber content for technical and non-technical audiences to the sometimes har...

August 22, 2023
by Hacker Valley Studio

In this episode, hosts Ron and Chris are joined by special guest Eric Avigdor, VP of Product Management at Votiro. With humility as the focal point, Eric details his journey as a Product Manager — sharing his unique approach to leadership and custome...

August 15, 2023
by Hacker Valley Studio

Host Chris Cochran is joined by Marty Overman, Senior VP at Imperva, to discuss the importance of self-awareness and transparency in cybersecurity leadership. The two emphasize the need for leaders to recognize their strengths and weaknesses and unde...

August 1, 2023
by Hacker Valley Studio

In this episode, host Ron is joined by Jamie Blasco, co-founder and CTO at Nudge Security, to discuss the opportunities of SaaS as well as the security implications of AI. Jamie also considers the importance of striking a balance between productivity...

July 25, 2023
by Hacker Valley Studio

How do you effectively persuade team members and stakeholders to take action, convey the importance of new projects, or request additional resources? Communicating technical security information often leads to disconnection or worse, falls on deaf ea...

July 18, 2023
by Hacker Valley Studio

In this episode, Chris and Ron Eddings are joined by Jeff Man, a legend in cybersecurity. The conversation begins with Jeff sharing his experiences as a member of the first NSA red team and his involvement in groundbreaking projects. He discusses his...

July 11, 2023
by Hacker Valley Studio

In this episode, Chris and Ron interview Derek Wood from Duality Technologies, a leading privacy technology company to discuss the concept of homomorphic encryption and its significance in data security, privacy, and governance. Homomorphic encryptio...