All this week, Salted Hash will be walking the halls of the RSA Conference in California. The running theme this week is threat intelligence; what it is and what it isn't, the vendors who produce it, and the people who use it.
You'd think there would be an abundance of sources and source material given the topic, but that wasn't the case at all.
For two weeks, Salted Hash attempted to locate security practitioners in various market segments to talk about threat intelligence, incident response, and how the two areas overlap. It wasn't easy.
First, while most were willing to share their experiences, they wouldn't or couldn't share proof of those experiences, such as redacted screenshots of the product, or anything that would confirm they were a customer of a given vendor. It may seem extreme to require proof, but given the topic, we felt it was important to confirm first-hand knowledge of the product it possible, and avoid speculation.
Second, there was another segment of people willing to talk, but only in a general sense, because the threat intelligence vendor was holding non-disclosure agreements over their heads.
And that's understandable. Most people aren't allowed to talk to the media, and those who do often request that their name and employer be left out of the official record. But it's strange that a threat intelligence vendor would have a non-disclosure agreement preventing a company from discussing perceived value or sharing information on the types of data they see.
We reached out to FireEye, one of the better-known and widely used threat intelligence vendors on the market, and asked if they used non-disclosure agreements to prevent customers from talking about the intelligence they get, its scope, or its value, etc.
A spokesperson got back to us a short time later, explaining that the intelligence products that they sell are proprietary "and customers agree in the terms and conditions not to disseminate the content beyond the organization (standard clause when purchasing content of any sort.) Talking about the scope, and perceived value, is certainly not prohibited."
FireEye was one of the vendors where customers stated they couldn't speak due to a non-disclosure agreement. As it turns out, FireEye customers are in fact free to talk about their experiences, they just can't share content.
Perhaps the concept of what is and isn't allowed with regard to open discussion isn't being communicated properly by the vendor or the company. Then again, it could be a case where those in the trenches don't know the limits of the non-disclosure agreements they cited when declining to talk. The final possibility as to why sourcing this week's coverage was so taxing is that the organization just doesn't want to discuss any aspect of their threat intelligence operations.
Sign up for CIO Asia eNewsletters.