The 2019 CyberEdge Cyberthreat Defense Report paints a harsh picture of cybercrime. In a survey of more than 1,200 IT security decision makers and practitioners, 78% of respondents admitted to falling victim to a successful cyberattack, and nearly two-thirds said that future successful cyberattacks are inevitable. While pessimism and fear, uncertainty, and doubt are prevalent within cyber security circles, percentages alone don’t tell the whole story.
Cybercrime may be increasing, but so are the ways organizations can protect themselves, and, contrary to popular opinion, organizations are doing pretty well. The proportionality of loss only feels unbalanced when looking at successful attacks in isolation; we’re more likely to read that cybercrime costs the U.S. $45 billion per year[i] than we are to read that 87% of companies say they are able to prevent targeted attacks.
From firewalls to endpoint protection, encryption to data backups, and everything in between, security practitioners have a plethora of ways to keep criminals out of systems or quickly identify and mitigate attacks once they’re inside. While rapid identification and response are critical, the best way to reduce risk and minimize damage is to anticipate and prevent incidents altogether, especially targeted threats. To do so, the greatest tool practitioners can have in their toolbox is business risk intelligence.
Out in front of the threat
After many years on the buy-side of information security, Chris Camacho was hired by Flashpoint in 2016to become the company’s chief strategy officer. During a recent call, Camacho told me he’d been a Flashpoint customer in his last end-user role: “My ability to procure security products was almost unlimited, and what impressed me with Flashpoint specifically was that I was seeing findings other threat intelligence tools weren’t providing. They always seemed to be out in front of things.”
Camacho was a convert—as a user and soon-to-be employee. With a number of intelligence companies on the market, it’s difficult for any one company to stand out. On the surface, one tool can look a lot like the other: If it’s shared data, or coming from the same sources, how is one product different? Deliverables tell a different story. With Flashpoint, that story begins with counter terrorism.
Flashpoint was founded in 2010 by Josh Lefkowitz and Evan Kohlmann. At the time, the duo’s mission was tracking terrorists on the internet, finding the signals in the noise. From that focus grew a deeper concern about how all kinds of criminals were, or could be, exploiting the internet to plan and carryout illicit activities. Cybercrime was exploding, and savvy criminals were evading law enforcement. Lefkowitz and Kohlmann saw an opportunity to take what they’d learned in anti-terrorism and apply it to broader cybercriminal activity.
Flash forward to today and Camacho says that what makes Flashpoint unique is its commitment to helping law enforcement investigate criminals and similarly helping businesses assess risk across their organization, beyond cyber. Finding the right data that indicates a crime isn’t enough; plenty of intelligence companies can claim to reduce the signal-to-noise ratio and pinpoint technical threat indicators. The mission of Flashpoint’s leaders is beyond data and the analytical engine that ties it all together.
Doubling down
To accomplish this mission, the company is doubling down in a few key areas. For starters, they’re actively increasing the number of supported integrations, particularly with threat intelligence platforms (TIPs), vulnerability scanners, and security information and event management systems (SIEMs).
Another area revolves around credentials breaches. With a new compromised credentials monitoring offering generally available this month, Flashpoint is enhancing its commitment to mitigating account takeover attacks and helping organizations understand their exposures if a credentials breach is discovered on closed areas of the internet, or publicly disclosed.
Also, there’s FPCollab, an enhanced customer community, that facilitates crowdsourced insights from intelligence experts across industries. Information Sharing and Analysis Centers (ISACs) are the leading resource for CISOs, risk, managers, and security and intelligence professionals within defined industries, but fewer groups exist for cross-industry sharing. Because threats and adversary tactics and techniques don’t always discriminate based on industry sector, FPCollab fills that function.
Importantly, the group is moderated by a Flashpoint subject-matter experts and insights are curated so they’re risk-centric rather than merely technical in nature. The group includes native speakers of more than a dozen languages—cyber crime knows no geographic boundaries—and members from both the public and private sectors. “FPCollab brings the conversation up a level” Camacho told me, “so that customers can focus on business risk.”
Another notable aspect of Flashpoint is its commitment to the human element of cyber crime investigations. Flashpoint’s human-powered intelligence is aggregated and cross referenced with OSINT and proprietary data, and that’s where the magic happens. While automation drives the Flashpoint platform (too much data exists for a human to process), researchers help bring the most relevant data to the top of the funnel in the form of contextualized intelligence created by analysts who have access to closed or invitation-only areas of the internet. This differentiates Flashpoint from other providers and delivers unique information and intelligence to inform business decisions.
This is why the company positions its offerings as Business Risk Intelligence rather than the more-colloquial threat intelligence. The differentiator is Flashpoint’s experts who are analyzing and curating the data they collect, in addition to the amount and type.
Rewriting your ending
As with any effective intelligence-focused organization, customers can use the platform for alerting and reporting (deliverables can be tailored to business needs) or diving deeper to proactively hunt for threats. The company is also working on features that allow smaller businesses to use intelligence, even if the SMB doesn’t have a dedicated threat intelligence team or internal resources to counter threats on their own.
You don’t have to be a genius to know that intelligence is important to cyber security outcomes. Organizations can choose to take a passive approach to defending their networks or they can use curated indicators to focus efforts and affect more positive outcomes. If you’re in the latter camp and what to flip the narrative of “security is losing,” take a look at Flashpoint and see if they can assist you in ensuring you’re focused on what is most important to your business and outcomes.
