The Evolution of Threat Intel

February 28, 2025

Jason Valenti, director of product at ReversingLabs, chatted with ConversingLabs about the evolution of threat intelligence and where this industry stands today.

EPISODE TRANSCRIPT

Paul Roberts: Okay, everybody. Welcome back to the ConversingLabs podcast. This is the first episode of season eight of ConversingLabs. I'm your host, Paul Roberts, and as you know here on ConversingLabs, we bring in and talk to the best minds in cybersecurity, threat intelligence, software supply chain security, malware analysis, you name it.

And very happy to have with us today in the studio, my colleague here at ReversingLabs, Jason Valenti. Jason, welcome.

Jason Valenti: Hey, Paul. Thanks for having me on, that's a pretty nice intro. A lot of pressure there. Season eight, episode one.

Paul Roberts: I think you live up to it. So Jason, you're the director of product management here for and focus on threat intelligence and obviously ReversingLabs has a deep and long history with threat intelligence, as do you in your personal career. So we're gonna talk today really about this threat intel space, how it's evolved, what role it's played in your own professional life, and what direction we're going in.

So Jason, for folks who aren't familiar with you or haven't come across you in their professional lives could you maybe just tell us a little bit about your journey into cyber and also, the threat intelligence space specifically.

Jason Valenti: Yeah, sure. Thanks Paul. Thanks for the kind intro.

We'll try to do our best here to keep folks entertained, but no, I appreciate the kind words as you mentioned too, I'm here at ReversingLabs as a director of product management. And I work alongside our engineering team and with a talented group of product managers. And we're looking after malware analysis, threat intel, threat hunting products that fit within a portfolio over here at ReversingLabs, which is our sister portfolio to our software supply chain security product.

The journey into threat intel for me wasn't necessarily a straight line. And I think that's one thing that a lot of folks who are wanting to get into cybersecurity or threat intelligence should understand about it. There's not necessarily a specific straight path for getting into these type of things.

So for me, I was always a really curious sort of, engineering type of person. I always wanted to try to understand how things worked and that led me to going to college for computer information systems and then you know what, at that time too, I was always very interested in the internet and the different types of subcultures that were on the internet.

And I was in on the internet pretty early on when I could still remember the days of, these sort of script kiddie groups and just different types of folks that would hang around and try to cause mischief online, so I for one reason and another, I was just always interested in that.

I thought it was interesting and, one thing led to another, like I said, I came out of college and began working as a software engineer. And that's a fantastic way to get into this space because you learn about technology and you learn about the different types of systems that are behind the scenes and that power applications like we're using today to do this very show.

I feel like once you have that sort of understanding, and then you look at how criminal organizations look to try to exploit these applications, you become to really understand and get a good sense of how they're doing these type of things, from an engineering point of view. That's the journey, how I led into this stuff. And when you start to look at aspects of cybersecurity, it really just boils down to, there's underlying technology behind it. If you have an understanding of how it works, you're typically understanding okay, it breaks a lot.

Jason Valenti: As technology never really works, so you start to notice stuff about it. You start to notice, the ways that technology's put together. Oftentimes, it's not really put together with the security first mindset.

Paul Roberts: We're gonna talk about that.

Jason Valenti: So on and so forth, being sort of an entrepreneurial person, it led me, in and out of some public service that I did, I had some time spent at Department of Justice within the FBI, working in technology, which we could talk about as well. It wasn't a straight path, you know, and you get introduced to some of this stuff and, depending on your curiosity levels, if it piques your interest, you can press on those buttons and head in those directions.

Paul Roberts: Yeah, particularly of a certain generation, right? There was no effective cybersecurity industry before, I don't know, maybe the mid to late 1990s. So yeah, you were almost, by definition finding your way to it through, other means or other paths whether that's the military or whether it's, you know, work hanging out at the L0pht in Boston or what have you.

You mentioned that you worked for the FBI, very interesting part of your career. Talk to just a little bit about what you did there and obviously what you learned working within that organization, which is the point of the spear for a lot of cyber criminal investigations that happen here in the US anyway.

Jason Valenti: Thanks Paul. That was a privilege, it was a privilege to be able to work alongside folks whose roles and responsibilities it is to protect the United States' interests both here and abroad. And being a part of that organization, very humbling. You're working alongside folks who are very high IQ, very dedicated to the mission, and everyone is really working from a public service perspective.

You're working on behalf of the United States. You are working on behalf of the United States citizens and our interest as a country. And there's a lot of responsibility there. So in particular, I was part of a technical organization who worked alongside of special agents within that organization.

And, throughout the investigative process, there's a lot of challenges that investigators face. And oftentimes those challenges, lead them down the road to needing to figure out things from a technical perspective. Solving crime is a team sport, right?

You're doing it alongside of, folks that are technical in nature who could write code and reverse engineer stuff. And then part of those teams you're working with intelligence analysts. So folks who are...

Paul Roberts: different skillset, right?

Jason Valenti: Yeah. Different skillset. They're connecting the dots, right?

And then you have sort of the law enforcement aspect of it, the folks who are kicking doors down and serving warrants and going after these criminal organizations who would wish to do harm to not only US citizens, both here and abroad, but also any organization. So for me that's how I got introduced to the core concepts of what really drives the whole cybersecurity industry and market, which is a public and private sector response to try to disrupt criminal organizations, who want to try to steal things and disrupt operations or, maybe it could be something light, like just, performing hacktivism to get a certain message out there on behalf of their group.

Or maybe a hostile foreign government. So, it's really that time in the Bureau gave me a good sense of the behind the scenes of how all this stuff works and how the money flows and that behind the scenes it's typically, either hostile foreign governments and just very motivated criminal organizations and they both have very specific motivations, behind what it is their objectives are.

Paul Roberts: It's really interesting when you think about it, organizations like the FBI, law enforcement in general, not only in this country, but pretty much every other country- cyber crime really only emerged as a thing within about the last 20, 25 years. Not that there weren't, viruses and other stuff, but it was more kind of stunts and, kind of folks trying to boost a reputation. "I Love You" virus. It wasn't about stealing information, it was just about getting, cred. And then, even when I started covering cybersecurity, like there wasn't really a lot about cyber crime. And now it's depending on the estimate, right? A trillion dollar industry basically, or certainly, hundreds of billions of dollars. I would, you know, this is something that the FBI kind of had to come to grips with. Like holy cow. Yeah, this is whole other new type of crime that's happening and we need to kind of level up to be able to fight it.

Jason Valenti: A hundred percent. Yeah. And it, it became a problem that like seemingly happened overnight.

Paul Roberts: Yeah. In the big scheme of things. Yeah.

Jason Valenti: For the longest time, criminal organizations were monetizing towards stuff that everyone knows about, all different ways to be able to make money.

You know, And that's typically where criminals lie. That's their main objective. It's to make revenue, so not unlike a company. So you had law enforcement agencies and for the most part, the entire intelligence community oriented around that model.

And then the business model changed, it became easier to move online. It became easier to get into the business of, extorting money and stealing money digitally than it would be to knock a door down and go into a bank. And steal that money out of there or control big areas of the drug traffic and drug trade.

To a certain extent, the criminal organizations who recognized that, they were leaders of that space. It sounds odd to look at it like that, but they realized, hey here's an area where we could make a lot of money for not a lot of effort. And no one's really watching.

Paul Roberts: And we're not putting our bodies at risk, we're sitting here behind a computer, nobody's gonna get shot or blown up or anything.

Jason Valenti: A hundred percent. There was a big sort of retooling, and resourcing up of not only like members of the Intel community, but broader law enforcement in general, both at the federal, state, and local level, which is still one of those things you hear about today. Those organizations are always trying to stay ahead or two steps ahead of adversaries, and it's very complicated. It's very challenging to do that.

Paul Roberts: With that in mind, like when we're talking about threat intelligence, which is the bread and butter of what law enforcement agencies are trafficking in and monitoring.

I mean there are different definitions of it. What's the definition that sits with you and how people should understand what we're talking about when we use the phrase "threat intelligence?"

Jason Valenti: Yeah. I think if you ask 20 people their definition of threat intel you get 20 different definitions, right? It's one of those things that, oftentimes just seems, very mysterious. When I think about threat intelligence, I feel like the overall definition of it had to evolve since how it first started, right? Like we're talking crime, talking criminal organizations.

And in the past they weren't really that complex. Organizationally, they could be pretty big and sprawling. But for the most part it was just really like a layer of human capital. And then over time, as crime started to evolve from, these things, like we know of bank robberies and drug trade and drug trafficking, those things really into the digital space, the complexities of the criminal organizations and the tools and methods in which they employ to carry out whatever it is their objective is, became really complex. So suddenly you had this picture that was like, a tree with thousands of vines and branches, right?

So you really needed a way to be able to start looking at that and connecting those dots and figuring out like, how does all this make sense? So I think it was one of these things that kind of grew out of necessity over time and within the intelligence community, of course, the intelligence analyst plays a critical role in being able to connect those dots. And naturally, as crime started to sort of progress digitally and move more into cyber facing crimes, those folks started focusing on that aspect, connecting dots, trying to understand who these criminal organizations were, taking inventory of the different tactics, techniques, the approaches that they took, the tools they're using to be able to carry out their exploits. And that in of itself is an extremely complicated job trying to keep track and tabs on all of that. So I feel like it gave birth to this industry that's, well-defined today, the threat intel market. But I think in its simplest terms, the way I like to explain it to folks is just it's additional information that could help you understand the who, what, when, where, and why behind a crime, behind an incident. And today, unlike 20 years ago, an incident, involving a computer or an endpoint or some cloud location is a lot more complex, right? You just can't look right at it and understand what's happening. So teams in particular today are responsible for, having to explain so much more about an incident and how that relates to their vast infrastructure that they need to protect, as security operation folks, working in conjunction. We hope a lot of the times the cyber threat intel team, but that's often not the case.

Paul Roberts: Yeah. Part of your journey, and before you came to ReversingLabs, you were at CrowdStrike. Obviously they were a pretty important transformative company and in the malware detection and prevention space, endpoint detection and response. But also really leveraged threat intelligence very heavily as part of, the types of protections that they were offering, moving from this kind of signature matching basically of the first generation antivirus to something much more kind of holistic, including leveraging threat intel. So talk just a little bit about your experience there and how you saw CrowdStrike leveraging threat intelligence to provide better- just endpoint protection and how that fit into their overall system.

Jason Valenti: Yeah, it was a fantastic experience. I started there very early on. It was still a very small company when I joined there. And, the energy for this brand new market that they created, this endpoint detection and response market they essentially coined and created was fascinating to see. And I think with that approach, it was just so game changing and transformative on the endpoint. It produced so much high fidelity information about what's going on at the endpoint layer within an organization, and the telemetry that sort of presented from an endpoint detection and response perspective compared to the standards of the time, which were just like you mentioned, the signature based traditional AVs.

There wasn't a lot going on there. There's scanning happening. It tells you something's bad and you moved on with your day. The EDR is introduced, it's a whole new playing field with so much more telemetry and data on there. I feel like the way CrowdStrike really leveraged the threat intelligence that was produced and still to this day, is produced by Adam Meyers and the CrowdStrike intelligence team, which does a fantastic job of keeping track of some of the most prolific nation state actors that are operating out there today.

Following these organizations, understanding their tactics, techniques, their tools, their approach. CrowdStrike really humanized these incidents that security professionals are dealing with. And what I mean by humanized is they really help folks understand. They were the first company to really help people understand that, hey, it's just not some, hacking computer code, some bug that's going on, on your endpoint, right? That just needs to be blown away and wiped away. It's actually, in certain cases, a criminal organization and those are real people, or it's a hostile foreign government. So once security folks were presented with a framework to think about incidents, I feel like it was a game changing moment. I feel really honored to have been a part of that and have worked there and saw sort of the impact it made for the company, but also the industry, because it really set the precedence where it's okay- let's start talking about these incidents for what they really are. These are criminal organizations and hostile foreign governments looking to steal secrets, steal trade secrets, steal money, disrupt organizations. So let's just call it out how it is.

Let's track them the best way we can and produce information on those organizations, so teams that are responsible for defending are up to speed. They know who they're dealing with. As folks who are working in cybersecurity, you are defending. You're always on defense, you never really have a chance to play offense, so you get worn down. So you need to know who you're playing against in this game, and I feel like-

Paul Roberts: it's not even clear you can play offense. There are all kinds of legal ramifications around that.

Jason Valenti: That's right. They're constantly defending the goal. They never have a chance to take their own swing.

So I feel as an industry, companies that are working within threat intel space and it's kind of one of the reasons why you see a lot of companies being able to exist within the threat intelligence market at the same time is because they all bring something really special to the table.

And CrowdStrike, really brought something very special to the table in terms of adversarial threat intel, as well as other aspects of threat intelligence. But the adversarial threat intel is really game changing.

Paul Roberts: For putting names and characters around these various nation state groups, the panda groups-

so when I think about threat intelligence, it's such a broad term. But the types of things I think about are, what type of malware a particular group might use. What their command and control infrastructure looks like. What types of organizations they target and for what type of information. If companies aren't already consuming and using threat intelligence, what types of stuff is in a threat intelligence feed that you may buy or a product that's leveraging threat intelligence and like how do you leverage that? How do you use it?

Jason Valenti: Yeah, that's a good question. We get that question a lot. I feel like that's top of mind for a lot of organizations. Once you get to a certain maturity level as a company within your security organization, you begin to start thinking about things from, a more detailed, reactionary standpoint as well as a proactive standpoint.

So from a threat intel perspective, operationalizing various aspects of it really comes down to the company itself, what the company's actual objective is, and the maturity of those security teams. Like for example, if you're an organization, like at ReversingLabs here, a lot of folks know us from our file threat intelligence.

And at its core, we're ingesting massive volumes of files, different security objects on a daily basis. We're breaking those down, through a lot of different processes in which we use, a lot of them are proprietary for us, and we're analyzing those files and we're extracting information out of those files and re-analyzing those artifacts that are coming out of those objects to essentially produce, like what's talked about out there in the threat intel space from a feeds perspective, are indicators of compromise.

And the way I like to explain those, it's essentially just digital evidence that ReversingLabs has seen associated with something either malicious or good. In our case, we actually have threat intelligence on things that are considered "goodware," which is fairly unique to what we do here.

But essentially that's how I like to explain it. It's digital evidence that a company has observed, based on something that is either malicious or maybe suspicious or maybe completely clean, and typically with indicators of compromise, that could be hashes, IPs, URLs, domains. And it's basically we're saying, Hey, to an organization, here's a bunch of digital evidence that we have that is associated with crime, that is associated with stuff that we could attribute to crimes that crime, right? Malware, whatever it is. Incidents that happen involving these things. Oftentimes that's really useful for security teams because they could take that in and then compare it to what they're seeing internally.

Compare it to telemetry that's coming out of some internal tools, compare it to EDR data, compare it to what they're seeing at the edge, some of their network based devices and just compare and contrast. And then oftentimes organizations, depending on their maturity level, they could power automated security workflows with that data. And still to this day, you hear security teams with blocking use cases. They take a lot of the high fidelity stuff and they dump it into their edge of network devices to just not allow any communication with devices that are talking on those channels. There's a lot of different ways it can be applied, from an indicator of compromise. And then of course, like within the threat intel space, like we were discussing, there's adversarial threat intelligence, which is everything you'd ever wanna know about these criminal organizations, where they're at, how they operate, what their organizational structures look like, what kind of tooling they use. What type of malware they write, what their motivations are. So there's a lot of different aspects of it. Then you have finished intelligence, of course, which are very rich, very detailed research reports, and operationalizing that stuff really all comes back to an organization's maturity level.

Oftentimes in this industry, in this macroeconomic climate too, everyone's looking to cut back and then downsize certain aspects of their approaches and their security organizations. But, there's a big need for it within organizations that sort of have that demand for it from a maturization standpoint.

Paul Roberts: My sense is a lot of companies and correct me if I'm wrong on this, sort of love the idea of threat intelligence, but get hung up on, do we really have anyone on staff who can leverage this? We don't have former FBI people working for us. We got IT people, we got a couple people who have security background, but not high level, incident response people. And so why should we pay for it if we can't really leverage it? Especially since, does this increase our liability? If we have this threat intel, are we then liable if something happens and we knew about it 'cause it was in the threat feed we got?

Is that kind of pushback that you hear? And I guess obviously the question is, what's the answer to that for those non-Fortune 100 firms that have the resources and staffing to dive deep into a threat intel feed.

Jason Valenti: Yeah that's a good question. I think when you look across the board, certain organizations have particular regulations that are very stringent. And they require a certain set of checks and balances need to be done internally. If you're in the financial vertical or government vertical or pharmaceutical vertical, obviously these are large organizations. They're heavily regulated organizations.

They're very global, right? So it's very important for these organizations to be able to take offensive measures as well as trying to be as proactive as they possibly can be to try to understand, who it is that's targeting them. It's very important because the stakes are very high, they have a lot to lose. Oftentimes these are organizations that are managing people's retirement funds, they're powering the financial infrastructure here in the United States as well as other places around the globe.

Paul Roberts: Or the physical infrastructure.

Jason Valenti: The stakes are very high there. So these teams, typically they're well organized. They're staffed really well and they have budgets to be able to entertain and operationalize threat intel. But like you're mentioning too, I think the further you go down market, when it comes to smaller organizations, if they're asking the question, what is this stuff and how do we think we might be able to implement it? They're just not ready yet. They're just not ready yet. And oftentimes you see it's too late where these organizations will become hit. And after the smoke clears, after they've been ransomed or something, some sort of incident happens- all of a sudden, security now needs to become paramount. We're in the industry and we like to believe that the biggest budgets within an organization is security, but it's just not.

Paul Roberts: Oh no,

Jason Valenti: It's just not, in organizations-

Paul Roberts: It's marketing. I mean, what are most companies spending most of their budget on?

Jason Valenti: It depends, in the financial world, like in the banking world, they're focused on doing what it is that they do best, moving or protecting money. Or making money on that money and, security and IT and technology is a thing they had to adopt, it's not their core business.

Paul Roberts: By and large, they do a very good job on security, certainly compared to other industries as well because it's actually existential for them as organizations. Yeah, and that's where the ISACs come in too, and I'm interested in your thoughts, 'cause there are obviously so many different, financial services or healthcare or manufacturing generally dominated by larger companies with more resources. But then there are like dentist office, right? Got a ton of sensitive data. But they're never gonna be billion dollar organizations.

These are all kind of small organizations. And that's where, or we saw recently, agriculture, right? Okay. I operate grain silos, it's good business for me, but I'm not, I don't have a huge IT staff, nor will I ever. And that's where the ISACs come in as these industry based, let's work collectively to try and manage some of this information and get people informed about what's going on.

What are your thoughts on whether that model, obviously it works really well in like financial services and other sectors, but my sense is, it varies a lot from one ISAC to another, how active they are, how effective they are, and the quality of information they're distributing.

Jason Valenti: Yeah. I think, like you were saying too, there are a bunch of ISACs that I feel like they bring a lot of value to the organizations that participate in them and just the concept of being open and being able to share information between what would seemingly be seen as competitors in a certain vertical makes a lot of sense, right?

Because you're all in that space. You're all trying to do what's unique to you, but ultimately you're all faced with the same threat. And I think everyone could rally around trying to thwart that threat as much as they possibly can. I think you highlight something that the industry just hasn't figured out yet.

As you get outside of the Fortune 100, 250 or 500, the further down you go, like you're mentioning too, small to medium sized businesses are the majority. And there just hasn't been this sort of attention or adoption within those organizations. And there are some efforts, there's certain nonprofits like the Center for Internet Security in conjunction with Department of Homeland Security in CISA. They have some really good efforts going on there to try to partner with state and local governments, from an education standpoint to really help, small to medium sized businesses within their states, within their districts, get a little proactive and just even understand how important it is to have some sense around cyber hygiene. 'Cause typically you'll have a small business and the last thing they're thinking about is any sort of security. They're just looking to get their point of sale machines stood up, or some sort of inventory, computer or computers that they need to use.

Or like a network of dentists or doctors, who aren't part of like large healthcare systems. They're not typically thinking about how to defend against criminal organizations who want to steal sensitive patient information, or even financial information.

It's very detrimental to the individuals who are involved with those type of things. I don't think we've figured it out yet as an industry. I still feel like, a lot more could be done at that level. And it looks like there are some, not-for-profits and non-profit organizations, pressing on some of those buttons.

But it's a greenfield space. I just don't see a lot of attention right now in that space.

Paul Roberts: Yeah. One of the things that folks have probably read about recently are these Typhoon hacks, these Chinese APT groups, and when I read about these, I'm sort of like, okay, these are, sophisticated nation state campaigns targeting high value targets, but- and I'm interested in your thoughts-

I don't know that their modus operandi, their MO, is all that different from rank and file, cyber criminal groups, ransomware groups in terms of how they're getting access to their targets. Their motivations may be different, but how these attacks play out isn't really that different.

And a lot of it increasingly seems focused on getting access, figuring out what hardware, software you're using, what your supply chain looks like, and then targeting that, the Salt Typhoon hacks, they're going after vulnerable Cisco routers, or they've done their research on LinkedIn.

They saw one of your employees, advertising this skillset with this platform. They're gonna go after that platform if what they want is to get you. So it seems like, are we a target, any organization? Absolutely, 'cause it's not just about you, it's also about who your customers are, who your users are. But I also can imagine companies being like, if the Chinese, if Salt Typhoon wants to hack us, what can I really do about it practically? And I think that's where you come in and companies like ReversingLabs is there actually is stuff that you can do about it.

What do you advise companies when you talk to them about, how to, start down the road of being able to push back, turn down those attacks by sophisticated actors?

Jason Valenti: Yeah. I'm not sure there's one sort of prescription or any of it, I think when you think about the type of criminal organizations that are behind things like Salt Typhoon and the approach they take it's obviously multilayered. You have the front end component of it, which identifies as ransomware or some sort of backdoor attempt at data exfiltration or just laying in wait, reconnaissance, those type of things.

From a nation state perspective, that is of course, also highly coupled with an insider threat perspective as well. There's not only one alley that they're, walking down to try to attack, but it's a multi-pronged sort of approach at attacking, and I feel like, oftentimes the smaller to mid-sized business or an even consumer.

Oftentimes it's looked at as that group of individuals just doesn't matter. They're not companies. They don't need modern approaches. But if you think about it too, if you think about the primary motivations, a lot of the times of hostile foreign governments, it's to be able to disrupt and it's to be able to interrupt.

So you can imagine in a scenario in which some incident happened. Having access to, and the ability to interrupt and disrupt like large swaths of the American public's communication devices, phones. Their computers, they're now rendered with the inability to get information to get news.

Their TVs don't work, their mobile phones don't work. They have no internet connections or devices are locked up. So it's very easy at that point to have misinformation spreading and slowing down of what's actually really happening. And I think hostile foreign governments, they want that advantage.

And it's something that we can't let up on. So I feel like it's related to that problem we were talking about before that's unsolved. You have a whole entire layer of folks that are here within the continental US that are oftentimes running poorly secured, very outdated technology, both within these small to medium sized businesses that they work in and/or operate. And then when they leave, their own personal devices. I feel like I look at that as really more of an awareness and education problem. So I feel like that's an area in cybersecurity that has obviously grown, but it's an area that needs to be continually prioritized and emphasized at the state and local level to just keep folks informed, yeah. Because those folks own businesses and they manage businesses, and those businesses are small and medium sized businesses. So the more informed people could be about these criminal organizations that would wish to do harm and disrupt, the better off we'll be 'cause they'll bring that knowledge into the organizations that they work at or they run.

Paul Roberts: Yeah. It was really clear as a sort of old model of just secure your network perimeter and keep the bad guys out is totally gone. And now it's much more, you need to understand what types of groups are targeting your specific type of organization and what their methods are and what they, how they're likely to get in and do what they're likely to do if they do get in.

By understanding all that, you can protect yourself.

Jason Valenti: That's right.

Paul Roberts: But you're never gonna just keep everybody out, which was the old model. And in fact, we should note, or I should note, there's a new Netflix series out called Zero Day.

That is kind of a political thriller with Robert De Niro that basically is premised on this whole idea of a just disruptive cyber attack.

Jason Valenti: That's right. Yeah, you know the interesting thing too today, compared to 20 years ago or 25 years ago, you had a lot of different access points for the internet.

Yeah. A lot of different devices. Today, the whole world is basically either on two platforms, Android or Apple. Do you know what I mean? And everyone is using a browser to do everything. So the attack surface from that-

Paul Roberts: And probably one of two or three browsers.

Jason Valenti: That's right. These criminal organizations and hostile foreign governments need to worry about a lot less today. So the emphasis of being able to infiltrate, at the human level from an insider perspective, as well as a technology perspective. They have a more narrowed playing field now.

Paul Roberts: Obviously, it's hard to talk about technology these days and not mention or talk about artificial intelligence and machine learning. They're becoming a huge part of software development processes, but also, AI-driven applications are really just washing into enterprises at huge levels and all kinds of capabilities there, both on the threat protection side, but also on the malicious actor side. What are your thoughts on how AI is going to change the threat intelligence game, as it were? Is it going to empower the defenders, the threat intelligence companies? Or is it going to make it easier to escape notice?

Jason Valenti: I think what we've been seeing with this GenAI, and the different types of transformative ways in which people are using it. It's certainly game changing from a lot of different perspectives. From a threat intel perspective and a malware analysis perspective, I feel like these are such transformative tools that these folks could now add into their tool belt, to help abstract away a lot of the manual labor work that's associated with connecting dots and trying to summarize and understand vast amounts of information.

It's always very complicated to be able to do that, without getting fatigued, without having to context switch 5,000 times. If you now have a tool, and I like to use a lot of analogies with this. It's basically the difference of cutting wood with a hand saw versus using a power saw.

You'll take the power saw all day. It's not necessarily going to replace the carpenter. It's just going to make that carpenter a lot more efficient, a lot more effective, and allow them to stay on task, on brand with less context switching and be very much more effective. But these tools also give that capability to criminals.

Paul Roberts: We know they're gonna use them.

Jason Valenti: And I feel like there's still a lot of unsolved problems within the GenAI space in terms of interpretability and security in general on how these LLMs work. But I feel like there are a lot of frontier model companies that are doing a lot in terms of safety and security and trying to ensure that folks aren't using those technologies from a malicious standpoint. But as you see, every day the news is changing. Now you could download a very capable LLM open source, as we saw with stuff like DeepSeek, or Llama, you could download these things and make your own custom versions of these and tune them and train them. So it's gonna be interesting to see how all this stuff plays out.

Paul Roberts: Absolutely. And among the things we've noted is attackers are hip to that as well. And just like they've been targeting open source ecosystems to try and worm their way into legitimate applications or development organizations. Same is true with AI and ML, right? Like they're targeting that development infrastructure too.

Okay, final question is the natural last question, which is, so folks wanna learn, if they've heard what you said, curious about, maybe we should be looking to leverage threat intel more as part of what we're doing here in my organization, where would you recommend they go to find out more, learn more and get started?

Jason Valenti: Yeah, sure. Just drop a comment. My DMs are always open on socials, I'm on LinkedIn. If you're seeing this on there, leave a comment. The DMs are open and we'll go from there, and from a product standpoint, no pressure there.

You wanna have a conversation and understand stuff. Sure. I'm not gonna try to come in and try to sell you.

Paul Roberts: No sales.

Jason Valenti: Leave a comment or just drop a note in DMs. I'd be happy to connect.

Paul Roberts: Cool. Hey Jason, thanks so much for coming on, talking to us on ConversingLabs.

It's been great and really insightful. Thanks for your help explaining this pretty complex topic to our listeners. Really appreciate it.

Jason Valenti: Thanks Paul. I had a great time joining and I'll be sure to note that Netflix show with Robert De Niro. I'll add it to my-

Paul Roberts: Zero Day man. Absolutely.

Jason Valenti: We'll see what happens.

Paul Roberts: One of the top watched films on Netflix. I've heard mixed things about it. As we know, Hollywood doesn't always get the details on cyber stuff, right?

Alright, man. Hey, thank you so much. We'll do this again, Jason.
