Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat ...

Paul Kurtz, Chief Cybersecurity Adviser, Splunk Public Sector

July 1, 2019

1 Min Read

Question: I'm an IT person in a midsize company without a security staff. I'm concerned about all the cyberthreats I hear about, but I don't know where to get new threat information or how to determine which threats might affect my specific organization. Can you help?

Paul Kurtz, co-founder & CEO of TruSTAR: In an ideal world, every company would build and maintain a threat model unique to that company based on its business profile, assets, operation location, etc. However, this a challenge even for large, mature teams to accomplish. 

Without a security staff, companies may struggle to appreciate the ROI of paid commercial intelligence feeds and be overwhelmed by the volume of open source intelligence. These challenges begin to diminish once a threat model is established and organizational capabilities to select and curate intelligence matures. 

While every company's threat model is unique, there should be a significant degree of overlap with industry peers. You can identify and operationalize relevant threat intelligence by joining a sharing community, like an ISAC or ISAO. Correlating this shared industry intelligence with internal security events and alerts from MSSP providers, SIEMs, phishing emails, and case management systems is the ideal spot to begin understanding what industry threats are directly relevant based on that overlap.

This can occur in two ways: one, consuming community intelligence into a SIEM and case management tool, and, two, sharing out suspicious email and events back to the community to determine if anyone else observed the threat as well and can add more context.

What do you advise? Let us know in the Comments section, below.

About the Author(s)

Paul Kurtz

Chief Cybersecurity Adviser, Splunk Public Sector

Paul Kurtz is an internationally recognized expert on cybersecurity and a co-founder of TruSTAR and now is the Chief Cybersecurity Adviser of Splunk's Public Sector business. Paul began working on cybersecurity at the White House in the late 1990s where he served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights