Threat Intelligence: The hot topic that makes people hesitant

Steve Ragan | Feb. 28, 2016
While the concept is great, actually discussing threat intelligence is a huge roadblock for some firms

Maybe the entire notion of a vendor forcing non-disclosure agreements needs to be examined? Is it useful? Sure, keeping the sauce a secret has advantages, but how far is too far?

Rick Holland, when he was at Forrester (now the VP of Strategy for Digital Shadows), somewhat addressed this issue in a report on threat intelligence last year:

One hundred percent transparency isn't realistic; providers naturally want to protect their sources and methods, but they must find a compromise that informs prospects and demonstrates differentiation.

In a crowded market, providers who keep everything about sources and methods private will be hard-pressed to make customer shortlists where they will be given the opportunity to validate their nebulous claims. Challenge vendors that provide little detail and suggest nondisclosure agreements; as a last resort, eliminate them from consideration.

As mentioned, FireEye customers referenced non-disclosure agreements when asked specifics. Even after being informed that FireEye doesn't prohibit discussions about perceived value or scope, they remained firm on their stance.

As you'll see this week, we did find some people who use threat intelligence daily who were willing to share information, their experiences, and thoughts on the topic.

Those we spoke to use a number of different vendors and products to get the job done. Later this week, we'll look at an advisory from Radware and examine context, discuss threat intelligence automation, learn what it takes to start a threat intelligence program, and more.

Today's story looks at how an incident response manager uses CrowdStrike's Falcon platform.

Full Disclosure: I have recently learned that CSO Online, the parent publication of Salted Hash, has an existing business relationship with CrowdStrike.

I was not aware of this business relationship prior to starting my research on threat intelligence. Editorial and marketing have defined limits and do not overlap when it comes to news gathering operations, so there was no way for me to know of it beforehand. The existence of this business relationship was brought to my attention after my research into CrowdStrike came to an abrupt halt on February 23.

This abrupt halt was due to CrowdStrike contacting senior management at CSO Online. I don't know the exact intent of the company in reaching out, but the contact with senior management alleged that I was refusing to give them a fair shake in what was shaping up to be a negative piece. This was confusing, because I had contacted the company twice in the previous week only to be met with silence.

Not only did I ask them to take part in the story on February 16; along with my questions, I informed them that I was speaking to a person working incident response in the finance sector, emailed them my story notes, the notes from a Falcon Host demo I watched, and informed them the demo notes would be part of the story, as they countered some of the source's remarks.

