Mark Arena, Intel 471 : Intelligence should be the engine in an information security program
October 2021 by Marc Jacob
Intel 471 will take part in the Assises de la Sécurité for the first time, and on this occasion it will show how intelligence gleaned from underground cybercrime, and more importantly, the targeted knowledge that comes from it, can help organizations stay ahead of the threats that continue to become increasingly sophisticated and targeted to specific sectors of this region. Mark Arena, Chief Executive Officer of Intel 471, believes that intelligence should be the lifeblood of almost everything in an information security program.
Global Security Mag : What are you going to present at Les Assises de la Sécurité ?
Mark Arena : Intel 471 will present global businesses a path forward in the middle of a global cybersecurity climate that could not seem more dire. Over the past several years, we have expanded our business across Western Europe, working with large customers and partners in key sectors, such as financial services, energy, healthcare, technology, telecommunications, law enforcement and central government, where we have increased our focus on the specific business needs and threats of these organisations in the region. At Les Assises 2021, Intel 471 will showcase how intelligence drawn from the cybercrime underground, and more importantly the focused knowledge gleaned from it, can help organisations to stay ahead of the threats that continue to grow more sophisticated and targeted to specific sectors in this region. Intel 471 will be located on the Startup Zone on Level 2 at the event centre. More information on Intel 471 can be found at https://www.Intel471.com
GS Mag : What are the main threats that you have identified in 2021?
Mark Arena : The top threats we are seeing so far this year are ransomware, the enablers that support ransomware attacks and the blurring of the lines between nation-state and financially motivated cybercriminals. If we look at ransomware, we are at a point where the impact of ransomware attacks has grown to a point where it is a national security threat and being treated as such. Traditionally government responses to financially motivated cybercrime have been predominantly driven by law enforcement so we are in uncharted territory with government national security assets being unleashed against cybercriminals. Whilst we’ve mentioned ransomware, we need to remember that there are a significant number of other enablers that support the current ransomware surge. One such key enabler is initial access brokers. These are cybercriminals who obtain access to organisations which can then be provided to other cybercriminals who are experts at moving laterally within compromised networks. From an information security and defender perspective there is an overemphasis on looking for ransomware indicators of compromise when in reality we need to focus on the precursor tactics, techniques and procedures (TTPs) of ransomware attacks to be able to effectively defend our organizations. The blurring of the lines between national states and financially motivated cybercriminals is not new to 2021 but is being demonstrated where we and our law enforcement friends are dealing with states like Russia that at best, do nothing against cybercriminals located there or at worst, direct and leverage them to carry out their own objectives. Others like North Korea straight up commit cybercrime to obtain funds for government coffers.
GS Mag : What are the current business needs of companies?
Mark Arena : From Intel 471’s perspective as a cyber threat intelligence provider, our customers are in an interesting and transformative point of time whereby technology is evolving so fast and it opens up a huge amount of business opportunities as a result for them. The flip side of that equation is the potential exposure and business risks that they face every single day is off the charts. Based on all of this, our customers are interested in how the threat landscape is rapidly evolving, who the main players are, how they operate (their TTPs) and what is driving them. This is something that requires constant vigilance which can enable an organization to take full advantage of the technology of today whilst constantly understanding the threats they face and the resultant business impact which could result based on the decisions they make or don’t make.
GS Mag : In what way does your strategy evolve to address these needs?
Mark Arena : Intel 471 set itself apart among threat intelligence firms in some major ways. Drawing from military principles and tools, the company paired a more prominent balance of human analysis and technology innovation, emphasizing a boots-on-the-ground presence for the highest fidelity visibility into not just criminal activities, but the cultural and regional environments that shield, support, and in some ways serve to reveal their true identity. The richness of this data is then processed within Intel 471’s General Intelligence Requirements, which are applied to suit each individual organization’s business priorities. This gives the final intelligence product an unmatched alignment with the business to apply specific and impactful protections. The company’s unique position and leadership in the market is what drew the attention of Thoma Bravo, the gold standard in cyber security private equity, and resulted in a strategic investment in September 2021, to accelerate the roadmap for the company’s TITAN Platform, and aggressively pursue innovation to best deliver security solutions for new and existing customers across the globe.
GS Mag : With the pandemic, remote work and security have become turning points. In what way do you integrate those principles within your offer?
Mark Arena : From our perspective, COVID hasn’t really changed how threat actors operate and as a result it hasn’t changed much of what we do and operate. Saying that, it has certainly changed how the employees of our customers work almost overnight and that has moved all organisations fast to be decentralized and off operating 100% within centralised corporate networks. Ultimately I think organisations of all shapes and sizes were going that direction anyway, especially with the movement to more and more cloud hosted software as a service type offerings, but the pandemic definitely sped up that decentralization move.
With everyone being stuck at home during the pandemic, it has also led to cybercriminals also being stuck at home. A key point of the pandemic is that cybercriminals have been working more than ever to make money which I expect will continue.
I mentioned initial access brokers earlier as well. These are the cybercriminals that obtain initial access to a compromised organisation which is then provided to another actor. With the move to more and more work from home employees, a number of organisations have been breached as a result of external interfaces like VPNs being inadequately secured.
GS Mag : What are your recommendations in the matter to mitigate the risks?
Mark Arena : Intel 471’s goal is to arm critical stakeholders in organizations with the knowledge and the tools to act quickly and decisively in defense of an organization and give them the foresight to continually improve security posture.
● Have two-factor authentication (2FA) enabled everywhere;
● Understand your attack surface and assets;
● Understand (and patch) the vulnerabilities you are exposed to;
● Understand who your key third party vendors are and accept that a breach of them could impact your own organization the same so act accordingly;
● Understand your adversary. This is what Intel 471 provides.
● Automate what you can - leverage technology as much as possible for ongoing monitoring and alerting to stay on top of important developments in real-time.
GS Mag : What message would you like to address to the CISOs?
Mark Arena : Every organisation will get impacted by a breach sooner or later. It could be you or a third party supplier but your organisation will be impacted regardless. It’s time to be proactive and transition our information security programs from being reactive and response-driven to being proactive and intelligence-led. Intelligence should be driving almost everything within an information security program that we do. It’s impossible to secure everything that our organisation cares about but it is possible to proactively track the threats that matter and how they could impact the most critical assets and crown jewels of our organisation.
Finally I’d like to say to all CISOs that I salute you. You’ve probably got the hardest job in information security and like an elite top football manager, you’re probably the bullet catcher for your organisation’s executive team if something bad happens and unfortunately there’s a lot of bad things happening. It probably wouldn’t even be your fault but you’re at the front line and I wish you all the best.