Threat intelligence is fast becoming a baseline component in industrial cybersecurity for many companies, but Adobe is being recognized for its efforts to go above and beyond that baseline.
Led by threat intelligence program lead Filip Stokovski, the Adobe Security Coordination Center completely overhauled its threat intelligence operations and procedures, creating a new framework that breaks analysis down into four steps: collect information that’s relevant, be efficient, make your findings analyst-driven and make your intelligence deliverable to other parties.
The company already had a security operations center with threat hunting, incident response and operations teams, but found that the intelligence they produced had only limited application to some threats and vulnerabilities and didn’t do enough to support real-time remediation. The framework relies on a maturity model leveraging machine learning and security orchestration, automation and response (SOAR) to develop unique risk scores for internal cybersecurity vulnerabilities. The changes allowed security personnel to elevate the profile of overlooked threats and improve communication between the security team and other stakeholders.
The changes align with widespread perceptions of industry best practice and the natural evolution occurring in threat intelligence today to meet the need for more automation to handle the tidal wave of telemetry and threat data that has washed over businesses as data breaches and other attacks become more routine. According to the SANS Institute, nearly half of threat intelligence and security professionals cited lack of automation or interoperability issues as inhibiting their organization from implementing their cyber threat intelligence programs effectively. They also cited lack of automation from technical identification to the C-Suite reporting process and a lack of confidence in using threat intelligence to make decisions, two other problems the new framework is designed to address.
“The Adobe SCC team is critical to maintaining and enhancing Adobe’s security posture. The team members consistently go above and beyond to help protect Adobe and release tools to the larger community to help with their environments,” said Tom Cignarella, the center’s director.
The center also developed “Stringlifier,” a new open-source tool written in Python and designed to differentiate between random character sequences and normal ones. It uses machine learning to analyze hashes, API keys, randomly generated passwords and other strings to help security professionals more neatly categorize log data and spot instances of exposed credentials.
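To make the random-versus-normal distinction concrete, the following added example (not Stringlifier's code, and not Adobe's) separates the two kinds of token with a simple Shannon-entropy and character-class heuristic instead of a trained model, then applies it to a few constructed log lines to flag and redact likely secrets before the lines are shipped. The log lines, the `api_key` value and the `request_id` digest are all made up for the illustration.

```python
import math
import re
from collections import Counter

# Candidate tokens: runs of characters typical of keys, digests and passwords.
# "=" is deliberately excluded so "api_key=..." splits into name and value.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/_\-]{16,}")


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the token's own symbol frequencies."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def char_class_count(s: str) -> int:
    """How many of lower/upper/digit/other appear in the token."""
    return sum([
        any(ch.islower() for ch in s),
        any(ch.isupper() for ch in s),
        any(ch.isdigit() for ch in s),
        any(not ch.isalnum() for ch in s),
    ])


def looks_random(token: str, min_entropy: float = 3.5) -> bool:
    """Heuristic stand-in for a learned classifier.

    Words and identifiers such as processing_component have low entropy and
    few character classes; generated keys are long, high-entropy and mixed.
    Hex digests only use two classes, so they get their own entropy bar.
    """
    if len(token) < 16:
        return False
    if re.fullmatch(r"[0-9a-fA-F]{32,}", token):
        return shannon_entropy(token) >= 3.0
    return shannon_entropy(token) >= min_entropy and char_class_count(token) >= 3


def scan_log_lines(lines):
    """Return (line_number, token) for every token the heuristic flags."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            if looks_random(token):
                findings.append((lineno, token))
    return findings


def redact_line(line: str) -> str:
    """Mask flagged tokens so a possible credential never reaches log storage."""
    return TOKEN_RE.sub(
        lambda m: "<REDACTED>" if looks_random(m.group(0)) else m.group(0), line
    )


# Constructed sample log; the key and digest values are invented.
SAMPLE_LOG = [
    "2024-03-01T10:00:01Z INFO  user=alice action=login status=success",
    "2024-03-01T10:00:05Z DEBUG request_id=f3b2a9c41d7e0f68b15a3c9d2e4f7a1b",
    "2024-03-01T10:00:09Z WARN  config loaded api_key=AKx9Q2mZp7Lr4Vt8Bn3Hs6Wd1Yf5Jc0K",
    "2024-03-01T10:00:12Z INFO  processing_component=authentication_service",
]

if __name__ == "__main__":
    for lineno, token in scan_log_lines(SAMPLE_LOG):
        print(f"line {lineno}: random-looking token {token!r}")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

The heuristic flags the request digest and the API key while leaving `processing_component` and `authentication_service` alone; a learned classifier such as the one the article describes replaces the hand-tuned entropy thresholds, but the categorize-then-redact flow around it is the same.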