Sunday, November 19, 2017

Tag: Intelligence

SPONSORED: Greg Boison, director of homeland and cybersecurity for Lockheed Martin, talks to Brian Gillooly at the RSA Conference about how to transform a security operations center into a security intelligence center, and Lockheed Martin's approach. ...
Security teams are drowning in often useless threat intel data, but signs of maturity are emerging in what IT-Harvest predicts will be a $1.5 billion market by 2018.

First in a series on the evolution of threat intelligence

Something’s gotta give: nearly three-fourths of enterprises today say they ignore security events because they’re overwhelmed by the deluge of alerts.

And that doesn’t even take into account the firehose of threat intelligence data they’re funneling today, a new report shows. Mega-retailer Target was the poster child for security alert awareness gone bad—the needle in the haystack Target dismissed was actually the clue that it was under a major attack in the fall of 2013. Nearly three years after that epic data breach, security events, alerts, and threat intelligence feeds are exploding in many enterprises hungry for hints that they are in the bullseye.

The tradeoff is that this deluge of data is drowning security teams who must sift, separate, and correlate the real threats from the false positives or irrelevant information. Security event overload alone is causing some dramatic fallout: more than half of all security events get ignored by IT security pros due to the overload of information, according to a new Enterprise Strategy Group (ESG) report that surveyed 125 IT security pros on the state of incident response in their organizations.

Around 30% of those organizations say they also have some 11 different threat intelligence feeds flowing in as well, the Phantom-commissioned report—published today—found. Threat intelligence data is all about helping enterprises block or protect against the newest threats by providing in-the-wild attack and threat artifacts and intel that companies can compare and correlate with their security.

But for many organizations, the deluge of this type of information isn’t much help if they can’t triage and apply it effectively.  The threat intelligence market itself is booming, growing at a rapid clip at 84% annually, according to new data published today by IT-Harvest.

The threat intel market—which was at $251 million in 2015—is expected to reach more than $460 million this year, says Richard Stiennon, chief research analyst for IT-Harvest. Threat intelligence platform products such as those of ThreatConnect, ThreatStream (now Anomali), ThreatQuotient, and BrightPoint Security, made up $61 million of 2015’s total threat intel market revenues, according to IT-Harvest.

The market is on track to hit $1.5 billion in 2018 at the current rate of growth, according to the report, which includes a look at more than 20 threat intelligence vendors, including FireEye’s iSIGHT Partners, Cyveillance+LookingGlass, Digital Shadows, and Flashpoint Intel. “I expect a lot of churn and also a lot of startups,” Stiennon says of the threat intelligence space. Signs of churn started to show in the past month, with Norse Corp.’s mass layoffs and executive shakeout.
Security experts attributed Norse’s plight more to its own internal managerial problems and lack of a solid product, as well as some weak analysis reports, rather than as a bellwether of the threat intel space.

‘Threat’ Rebrand

Meanwhile, recent moves by other threat intel vendors show signs of a logical evolution of making threat intel more useful and manageable. Late last month, ThreatStream dropped the “threat” moniker and rebranded itself as Anomali, now focusing on not just delivering threat intel, but also prioritizing and matching it for individual organizations.

Threat intel has its own big data problem, according to executives at Anomali, which now is filtering down indicators of compromise (IOCs) and other threat intel for security event and information management (SIEM) systems, which it says weren’t built to process millions of IOCs. “When we started [out], the volume of threat intelligence coming from feed vendors and open communities versus now was more manageable.

There were hundreds of thousands of indicators of compromise, and now there are tens of millions,” says Hugh Njemanze, CEO of Anomali. “We expect this year to [reach] 100 million IoCs.

There’s been an explosion.” That kind of threat intel volume isn’t conducive for most in-house SIEM tools today. “Even the most robust SIEM is not able to ingest more than 1 million IOCs,” he says.

Anomali’s new cloud-based products basically match event flows with IOCs, for example, and then feed contextual information about the incident to the SIEM. “We’re taking on the burden of discovery and matching and letting the SIEM do what it’s good at: analyzing the millions of events they are collecting,” Njemanze explains.
Security operations center teams need to know which IOCs are relevant, so that’s what Anomali is offering. Anomali still offers ThreatStream Optic, its threat intel feed, in addition to its new Harmony Breach Analytics and Anomali Reports products. “We still see ourselves as a threat intelligence player, but we’re radically shifting how threat intel can be operationalized,” he says. “I’m convinced TI platforms like ThreatStream’s [Anomali’s] have an opportunity.
I haven’t seen anyone targeting dealing with the data.

Building a distiller takes the good stuff out, and turns the SIEM into a log manager,” IT-Harvest’s Stiennon says.

ThreatConnect, meanwhile, has upgraded its ThreatConnect platform to better integrate a company’s security incidents with threat intelligence. “The goal of my platform is to bring the two together: every data set and correlate it with events and incidents that are unfolding so human beings don’t have to look at the noise.
Instead, the most important things bubble up to the top, based on the underlying analytics,” says Adam Vincent, CEO of ThreatConnect. ThreatConnect has partnered with Splunk, Palo Alto Networks, and others, to integrate threat intel with an organization’s incident detection and response processes.
Version 4.0 of the ThreatConnect platform also lets companies customize reports for all levels of users, including C-level executives who want to see a map of which regions are targeting their company, for example, Vincent says. Threat intelligence is about empowering decision-making, he says. “It’s not the end goal in itself.” So rather than a retailer looking at 100 events in the order in which they occur, the threat intel platform would flag and prioritize events that appear to be connected or related to other attacks in the wild. “It would say this event is important because it looks coordinated, and it’s against equipment that has known vulnerabilities,” Vincent says. “And it looks at what type of techniques and tradecraft the [attacker] is using ...

As the [company] investigates it, they are collecting additional information that is going to inform their decision-making.” Most security vendors now offer some level of threat intelligence, and there are several open-source threat intel feeds as well. “The challenge right now is to tell high-quality threat intelligence from low-quality threat intelligence.
It’s tough to distinguish, given the abundancy of options” out there, says Oliver Friedrichs, founder and CEO of startup Phantom. “One of the biggest challenges is how to reconcile all the various feeds and how to actually make sense of them.

The threat intelligence platform space is really striving to solve that,” says Friedrichs, whose firm offers an automation and “orchestration engine” for an organization’s security tools.

Related Content: Find out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
Planned attacks a response to candidate's controversial campaign rhetoric, hacking collective says.

In a reprise of numerous similar campaigns from the past, the Anonymous hacktivist collective has announced plans to disrupt Donald Trump’s presidential campaign by launching cyberattacks on websites associated with the controversial candidate, starting April 1. In a message on Anonymous’ YouTube channel, an individual purporting to be a spokesman for the collective urged those aligned with its cause to shut down Trump campaign websites and to “expose what he doesn’t want the public to know.” The spokesman, wearing the group’s signature Guy Fawkes mask, described the planned attacks as a response to Trump’s “appalling actions and ideas” in running his presidential campaign. “We need to dismantle his campaign and sabotage his brand,” the masked spokesman exhorted viewers. The Trump attack announcement, with its usual colorful rhetoric, has raised some predictable questions about whether Anonymous is really capable any longer of mustering the support needed to launch a disruptive cyber campaign against the leading Republican presidential candidate. Rene Paap, security evangelist at A10 Networks, says the Trump campaign appears to have foreseen the threat and protected its domain by using a Content Delivery Network (CDN) service. “A CDN provides an extra caching layer in-between the content of a website and the client browser.
It is a large network with many points of presence around the world, aimed to redirect a browser to the nearest location where cached content is served,” says Paap. “For Anonymous to break through this is going to be difficult, as the CDN anticipates DDoS attacks,” he says. Anonymous and its collection of loosely affiliated followers around the world have pulled off several high-profile hacktivist campaigns in the past.

Among the examples that Anonymous itself touts are a 2008 campaign against the Church of Scientology, in which it crashed the church’s website; Operation Darknet, in which it exposed IP addresses of nearly 200 alleged pedophiles; and its release of an incriminating video in a 2012 case involving a sexual assault on a high school girl in Steubenville, Ohio. Following last year’s terrorist attacks on France’s satirical newspaper Charlie Hebdo, Anonymous launched a campaign to expose and disrupt websites spreading jihadist propaganda and, more recently, it has committed to doing the same to ISIS-affiliated websites.
Soon after launching the campaign last February, Anonymous claimed it had succeeded in taking down over 1,000 sites and over 9,000 Twitter accounts affiliated with the terror group. Whether or not Anonymous can replicate such campaigns in its planned attacks against Trump websites and online presence remains to be seen. Regardless of how successful or not the planned attack is going to be, Anonymous’ call to attack the Trump campaign is another example of how the world of politics and cybersecurity are becoming increasingly intertwined. The Internet -- social media, in particular -- has become a primary vehicle for candidates to communicate with voters, raise campaign awareness, target specific demographics, gauge voter sentiment, and solicit donations.

But the growing use of these channels has given threat actors new ways to attack Internet users, security vendor Forcepoint had noted last year in its 2016 predictions report (registration required). One of the dangers is that attackers will use email lures related to 2016 campaign issues to try and distribute malicious payloads to unsuspecting users. “Attackers frequently see large events as an opportunity to launch cyber-attacks on a curious population,” Forcepoint pointed out in its report. “Political campaigns, platforms and candidates present a huge opportunity to tailor highly effective lures.” Another issue is the use of social media to misrepresent or to misdirect public perception of candidates and events related to the presidential campaign.

As one example, the Forcepoint report pointed to a campaign by the Syrian Electronic Army (SEA) where hackers supporting the government of President Bashar al-Assad targeted and defaced sites belonging to rival groups. Hackers affiliated with the same group also targeted the Facebook pages of former French President Nicolas Sarkozy and President Obama with spam messages supporting al-Assad, Forcepoint noted in its report. “The SEA also took over the Twitter accounts of legitimate news organizations, tweeting false news updates, creating uncertainty and alarm as the messages spread online before these accounts were again secured.” Bob Hansmann, Forcepoint’s director of security analysis and strategy, says that campaigns that want to mitigate such threats need to make cybersecurity a core part of their planning. “A qualified CISO, as a ranking member of the campaign team, would be a game changer,” for the presidential candidates, Hansmann says in comments to Dark Reading. “If a campaign team has one and, more importantly, if they listen to them, then the odds are in their favor,” he says. “They are likely less susceptible to an attack as well as more likely to maintain key operations in the face of a full or partially successful attack.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
Encryption, bug bounties and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week.

SAN FRANCISCO, CALIF. – RSA Conference 2016 -- With one of the biggest crowds ever to hit Moscone for RSA Conference USA, the gathering last week of 40,000 security professionals and vendors was like a convergence of water cooler chatterboxes from across the entire infosec world. Whether at scheduled talks, in bustling hallways or cocktail hours at the bars nearby, a number of definite themes wound their way through discussions all week. Here's what kept the conversations flowing.

Encryption Backdoors

The topic of government-urged encryption backdoors was already promising to be a big topic at the show, but the FBI-Apple bombshell ensured that this was THE topic of RSAC 2016.

According to Bromium, a survey taken of attendees showed that 86% of respondents sided with Apple in this debate, so much of the chatter was 100 different ways of explaining the inadvisability of the FBI's mandate. One of the most colorful quotes came from Michael Chertoff, former head of U.S. Department of Homeland Security: “Once you’ve created code that’s potentially compromising, it’s like a bacteriological weapon. You’re always afraid of it getting out of the lab.”

Bug Bounties

In spite of the dark cast the backdoor issue set over the Federal government's relations with the cybersecurity industry, there was plenty of evidence of positive public-private cooperation.

Exhibit A: the "Hack the Pentagon" bug bounty program announced by the DoD in conjunction with Defense Secretary Ash Carter's appearance at the show. While bug bounty programs are hardly a new thing, the announcement of the program shows how completely these programs have become mainstream best practices. “There are lots of companies who do this,” Carter said in a town hall session with Ted Schlein, general partner at Kleiner Perkins Caufield & Byers. “It’s a way of kind of crowdsourcing the expertise and having access to good people and not bad people. You’d much rather find vulnerabilities in your networks that way than in the other way, with a compromise or shutdown.”

Threat Intel

There was no lack of vendors hyping new threat intelligence capabilities at this show, but as with many hot security product categories threat intel is suffering a bit as the victim of its own success.

The marketing machine is in full gear now pimping out threat intel capabilities for any feature even remotely looking like it; one vendor lamented to me off the record, "most threat intel these days is not even close to being real intelligence." In short, threat intel demonstrated at the show that it was reaching the peak of the classic hype cycle pattern. RSAC attendees had some great evidence of that hanging around their necks. Just a month after the very public dismantling of Norse Corp., the show's badge holder necklaces still bore the self-proclaimed threat intelligence vendor's logos.

But as Robert Lee, CEO of Dragos Security, capably explained over a month ago in the Norse fallout, this kind of failure (and additional disillusionment from customers led astray by the marketing hype) is not necessarily a knock on the credibility of threat intel as a whole.
It is just a matter of people playing fast and loose with the product category itself. "Simply put, they were interpreting data as intelligence," Lee said. "There is a huge difference between data, information, and intelligence.
So while they may have billed themselves as significant players in the threat intelligence community they were never really accepted by the community, or participating in it, by most leading analysts and companies.

Therefore, they aren’t a bellwether of the threat intelligence industry."

Ericka Chickowski specializes in coverage of information technology and business innovation.
She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
Defense Secretary Ash Carter offers insight into DoD's new vulnerability-hunting program that offers monetary awards. SAN FRANCISCO, CA – RSA Conference 2016 – The US Defense Department is inviting vetted white-hat hackers to hunt for vulnerabilities in its public web pages under a pilot bug bounty program.

The new “Hack the Pentagon” announced today by DoD officials took the security industry by surprise. Bug bounty programs are gradually catching on in the commercial world, but no one expected the Pentagon—much less the feds—to launch one.

The DoD program aims to tap expertise from the private sector in the first step in a planned group of programs to test for bugs in DoD websites, applications, and networks.

DoD will give monetary awards to hackers who find bugs, but many of the details of the program were not yet disclosed. Defense Secretary Ash Carter, here today, shed more light on why DoD made such a bold move. “We’re trying to adopt what is a best practice.

There are lots of companies who do this,” Carter said in a town hall session with Ted Schlein, general partner at Kleiner Perkins Caufield & Byers. “You invite people to come and attack you and find your vulnerabilities.
It’s a way of kind of crowdsourcing the expertise and having access to good people and not bad people. You’d much rather find vulnerabilities in your networks that way than in the other way, with a compromise or shutdown.” Participants must be vetted, of course: they register and undergo a background check. “We have to make sure they are a white hat,” Carter said. He said the hackers who participate in the program won’t be hacking at any of DoD’s other systems or networks, such as its mission-facing systems. Katie Moussouris, chief policy officer of HackerOne, called the DoD’s bug bounty program a “landmark event” for the federal government as well as for security research. “This legitimizes hacking for defensive purposes,” she says. It’s also a powerful recruiting tool for the DoD, which like many other organizations faces a talent gap in cybersecurity, says Moussouris, whose company sells a platform for vulnerability coordination and bug bounty programs. “As a means of identifying talent, it’s very significant.” That doesn’t mean only young hacker talent will take on the DoD’s Hack the Pentagon challenge. Moussouris expects seasoned hackers to sign up as well to be some of the first to find bugs in the DoD’s websites. Carter told RSA attendees that the program also highlights a cultural shift for DoD in cybersecurity. “It’s okay to tell us where we screwed up or if something is wrong.

That to me is one of the great messages” here, he said. Meanwhile, Schlein asked Carter to weigh in on the FBI-Apple dispute, where Apple is refusing to help the FBI unlock encryption on an iPhone used by San Bernardino terror suspect Syed Farook.

Carter declined to comment on specifics of the case, noting that it’s a “law enforcement matter,” but he did share his view on encryption backdoors: “I’m not a believer in backdoors or a single technical approach to what is a complex” issue, he said. “I don’t think we ought to let one case drive a particular conclusion or solution. We have to work together" to come up with a solution, he said. “I’m behind strong data security and strong encryption – no question about it,” he said.

Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
SPONSORED: Mike Viscuso, CTO of Carbon Black, and Ben Johnson, Chief Security Strategist of Carbon Black, talk to Brian Gillooly at the RSA Conference about how their background in offensive security helps them think like attackers, and better defend ag...
The big lesson from 12 months of security product vulnerabilities: there's no foundation of trust in any piece of software.

They all represent a potential new attack vector. There is a deep and amusing irony when products that are supposed to make you more secure are themselves subject to serious vulnerabilities.

This isn’t particularly surprising considering that writing complex and secure software continues to be something humanity struggles with.

Avastium’s ill-conceived and poorly executed browser is a good example, as Tavis Ormandy recently pointed out.

Another recent example courtesy of Tavis was the trivial remote command execution and read-all-your-passwords feature from a Trend Micro browser plugin. The popular opinion is that anti-virus is broken, and while this is true, it isn’t the entire story.
In addition to AV not catching all threats, it is also creating them.

Anti-virus attempts to safely parse countless file types in a non memory-safe language.

This is one of the challenges that has bedeviled developers since someone’s initial fever dream told them it would be a good idea.
It is the idea that AV companies have run with since the 1990s and we in our foolishness have bought into and made a regulatory necessity like when we all bought JNCO jeans.  The thing many are now realizing is that “defense in depth” is a double edged pantaloon, since it also expands the attack surface. With anti-virus vendors struggling to stay relevant, they’re forced to differentiate themselves by getting into areas they should stay away from. Why would Trend Micro or Avast want to meddle with a browser? Writing a browser is exceptionally difficult to do securely. Your AV company shouldn’t be making software security decisions based on quarterly revenue projections, but it is.
Someone at those companies probably said it was a bad idea, but they got overruled. Another hard truth: your AV solution is a rootkit belonging to the country where development occurred.

Contrary to recent events, having your enterprise compromised by the Russians is not part of anyone’s strategic plan.

Good rootkits follow the “nobody but us” rule of backdoors but AV tends to be a different kind of rootkit where most continuing development tries to violate that rule. But AV isn’t the only problem.

Any security tool, the ubiquitous Wireshark for example, has been prone to vulnerabilities.

These will be harder to identify and mitigate because teams inherently trust these tools as the foundation of how they do their jobs.

These vulnerabilities are a common blind spot in defense in depth strategy that need to be accounted for.  So what is the solution? The overall lesson from the last 12 months of security product vulnerabilities is that whenever a new piece of software or device enters your network you must ask “what are the consequences of someone using this against me?” Once you’ve listed those consequences the next step is to eliminate, mitigate, monitor and contain as many of them as possible. To start with, focus on the security tools you actually need.
Instead of heaping mountains of security related software onto end user PCs, engineer a solution where a user can click on anything (because they will) and the impact will be something you can live with.

From a security perspective, Windows users should have three pieces of software installed: some type of (domestic) AV that only does AV, Microsoft’s EMET and a monitoring daemon that exports logs and watches for new unrecognized binaries/DLLs.

Focus on segmentation/compartmentalization too.

Deploying Qubes OS enterprise wide would be an engineering Mt. Everest, but their compartmentalization through virtualization idea is the way of the future. One of Qubes OS’s basic theses is that every desktop application gets its own dedicated VM through Xen.
In such an environment, effective exploits need to function in a very limited time window and include a hypervisor escape.  Put more emphasis on faster incident response rather than prevention, but remember, monitoring tools can have flaws too. Our brothers and sisters on the defense side of the security spectrum have shifted their liturgy to embrace the idea that being compromised is no longer an “if” but a “when.” And those of us on the side of darkness have been insufferably chortling ever since, as though this is a declaration of defeat. Moving away from the antiquated signature-based model to one focused on meta analysis to detect suspicious behavior is a better overall strategy. We’ve seen this work in our own consulting practice at Immunity.

A well engineered and analyzed monitoring infrastructure is a formidable opponent. The battle doesn’t end when the first host is compromised and defenders have some distinct advantages they can capitalize on. Minimizing the attack surface on hosts and networks and making those attacks more costly is a big step.

Effective monitoring can only come from deep knowledge of the environment and its patterns, which attackers won’t typically have. Remember that there is no foundation of trust on any piece of software; think of each of them as a potential vector. Plan your incident response around this idea, maximize your advantages as a defender and become a hard target.

Dave is CEO of Immunity Inc., an offensive security firm that serves many Fortune 500s, major financials and federal agencies.

The company provides penetration tests and develops pen-test tools like Canvas, Silica, Innuendo and Swarm.
Immunity is a past contractor with ...

Director of homeland and cybersecurity for Lockheed Martin talks about transforming the security operations center into the security intelligence center.
SPONSORED: Justin Harvey, chief security officer of Fidelis Cybersecurity, talks to Brian Gillooly at the RSA Conference about the balancing act of both protecting the organization's insiders and protecting the organization from its insiders. He also ...
Sponsored: Colin McKinty, vice president of cybersecurity strategy, Americas, for BAE Systems joins Brian Gillooly at the RSA Conference to talk about how knowledge of your adversary -- and knowing that they are, after all, just 'fallible human beings...
From the president of RSA to the director of the NSA, all RSA conference keynotes mentioned needs for protecting liberties and increasing the infosec workforce. ec professionals and protecting privacy rights

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
New China-based threat intelligence company ThreatBook wants to be the 'trusted contact in China.' SAN FRANCISCO, RSA Conference -- The DarkHotel threat group is targeting executives at telecommunications companies in North Korea and China, already compromising at least one, according to researchers at Beijing-based threat intelligence start-up ThreatBook. In operation since 2007, DarkHotel is named for their habit of exploiting executives while they were using unsecured hotel WiFi networks, a behavior the group has since abandoned.
In this campaign, which ThreatBook refers to as DarkHotel Operation 8651, the group is using spearphishing messages with malicious documents attached -- specifically, a crafted SWF file embedded as a downloadable link in a Word document. The SWF file exploits Adobe Flash vulnerability CVE-2015-8651.

According to ThreatBook, the earliest infections associated with that bug and this campaign are Dec. 24.

Adobe released an out-of-band patch for it Dec. 28. The payload, update.exe, is a Trojan downloader, disguised as a component of OpenSSL.
It then uses a variety of anti-detection measures, including anti-sandbox, and anti-anti-virus, as well as just-in-time decryption. Feng Xue and Hong Jia, friends from their days working at Microsoft, first had the idea to start ThreatBook in May.

After a hurried meeting at the Beijing airport Starbucks during Jia's two-hour layover en route to Redmond, Wash., the two quit their jobs -- Jia as principal anti-virus research manager at Microsoft and Feng as CISO of Amazon.cn -- and launched ThreatBook in June. "I never thought I would leave [Microsoft]," says Jia. "The career path was quite good and I love Microsoft." "I got excited and I could not sleep," says Xue. The idea that hooked Xue and Jia was realizing that there was no threat intelligence market in China, but the need for one was great. "Threat intelligence is not just a tool, it's a new wave.

A trend," says Xue. ThreatBook uncovered information about the identity and intentions of the XCodeGhost authors in October.

This week they are exhibiting at RSA, introducing their security threat analysis platform and Threat Intelligence Center. Xue says that at previous positions he's held there was a lack of understanding of China's unique landscape. He'd have to spend some of his time at old jobs educating colleagues about, for example, enormous cybersecurity incidents in China that are so underreported in the West that they aren't even mentioned in yearly wrap-ups of top global attacks. "I feel sometimes frustrated," Xue says. Jia says this is one of the things she wants ThreatBook to be able to fix.
She says their focus is China-focused threat intelligence, and they're very open to exchanging information with other companies and other organizations. "Our company is a bridge," she says. "We want to be the trusted contact in China."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...