A lot of companies are offering global information about threats that is of no relevance to our company, our customers, or our global portfolio, said Stan Black, CSO of Citrix, in our conversation at the 2015 Black Hat Conference in Las Vegas.
Black is frustrated with vendors who show off their entire threat portfolio for which his company only needs a small subset. Problem is he doesn’t know what that is, nor do the vendors. It’s a complete lack of actionable threat intelligence.
His goal at the conference is to find companies that have technology that can create an active threat mitigation profile.
To win over Black’s business, vendors will have to take limited artifacts from his business and put those into an environment that will correlate with their threat intelligence and make it relevant specifically to that portfolio. Without that, it’s just stuff for which he can’t create any action.
If the vendor doesn’t do the work, then Black’s team has to do the work, and that just increases the price of using the product.
“More is not better in the threat intelligence world,” said Black. “Quantified, contextually accurate, and relevant, that’s value.”