Building an Effective Network Defense Using Threat Intelligence
Chris Coryea of Leidos on Fighting New Threats
After a significant 2003 cyberattack against the company, defense contractor Lockheed Martin spent 10 years developing a cyber defense strategy taking into account the lessons it learned.
Key elements of that strategy that others can put to use include diligently gathering threat intelligence internally to support development of an effective mitigation strategy. Another important step is the use of the company's seven-step "cyber kill chain framework" to guide the process, says Chris Coryea, cyber intelligence services manager for Leidos' cyber intelligence practice in Europe, the Middle East and Africa. Leidos acquired Lockheed Martin's information systems and global solutions cyber business in August.
"Post the attack, we wanted an effective strategy or a framework that helped us derive intelligence from the data and footprints left by the attackers," Coryea explains in an interview with Information Security Media Group conducted at the recent 2016 RSA Conference Asia Pacific & Japan in Singapore.
"To derive the intelligence and understand the gaps in people, process and technology so as to evaluate portfolio of products and technologies against real attacks, we [created our] cyber kill chain framework to build defense strategies."
Building an effective security strategy, however, requires continuity in leadership, Coryea says. "Frequent changes in leadership, such as having a new CISO every two years, break the long haul of building a security culture and consistency in building effective defenses as each new professional would like to try something different, discarding the earlier efforts," he says.
In this interview, he also offers insights on:
- Using a systematic and pragmatic approach to building a network defense;
- Creating an actionable threat intelligence program;
- Taking advantage of information sharing to help mitigate threats.
In his role at Leidos, Coryea oversees its UK Security Intelligence Centre and is responsible for leading a team of cyber intelligence, open-source intelligence and information assurance analysts.
Principal correspondent Varun Haran contributed to this report.