One of the key elements of cyber security is threat intelligence. But like many things in the cyber security business, threat intelligence is one of those subjects that is shrouded in secrecy. What is threat intelligence? What does a threat intelligence team do? How do they work with a customers own cyber security teams?

To get the answers to those questions, Enterprise Times travelled to Gothenburg, Sweden to talk with Joel Cedersjö, Threat Intelligence Manager, NTT Security. Cedersjö told us: “Threat intelligence is all about how can we enhance our threat detection services. When we work in the SOC we focus very much on that everything we produce has to be actionable.

Joel Cedersjö, Threat Intelligence Manager, NTT Security

“We don’t create large amounts of big lists that nobody looks through. We don’t write write-ups about a very specific attacker that no-one will ever meet or be faced with.  We’re only focussing on what can we use?”

The key here is actionable intelligence. In the case of NTT Security, it means that customers get more than just a report showing what has been found. Customers also get a set of actions that they should take to remediate the threat.

One of the challenges that Cedersjö faces is recruitment. In the podcast he told us how a trained nurse moved from medicine to threat hunting. Threat hunting requires individuals who are willing to do what can be very mundane work filtering and tracing an attack or attacker. This also means shift work which can be unpopular with some.

Cedersjö also talked about what he looks for when recruiting. To hear more of what Cedersjö had to say listen to the podcast

Where can I get it?

obtain it, for Android devices from play.google.com/music/podcasts

use the Enterprise Times page on Stitcher

use the Enterprise Times page on Podchaser

listen to the