Threat Intelligence Feed is for Horses

October 13, 2016 | Russ Spitler

Threat Intelligence Feed. There, I said it. I have not said that phrase in 5 years. To me, that is the worst phrase in the InfoSec industry. I often find myself in conversations where people use it, and at first I swallow hard and pretend it doesn't bother me. I will engage and try to let it pass me by, but half of my brain is racing. Every time it is used it gets just a bit worse, a bit harder to stomach, a little harder to focus. Have you ever found yourself far from where you have grown up and facing someone using 'pop' for 'soda' or 'grinder' for 'sub' or 'oreegone' for 'oregon'? You can deal with it at first, you say to yourself 'when in rome' and you grin and enjoy the cultural experience. But you aren't ok with it - not really. You want to shout "NO! You mean 'nevada'" but you are too polite. You silently deal with it as a part of your soul dies, as one more fairy loses its wings.

Threat Intelligence Feed is a horrible way to describe the effort, time and care that goes into the intelligence that powers our security programs. The people who are behind these 'Threat Intelligence Feeds' are some of the hardest working, brightest, most imaginative people we have. They spend hours crafting signatures, verifying reports, reversing malware, digging deeper to make sure that we can accurately detect the latest threats. How can we use the term feed for an effort like that? To me, feed is sold by the pound and given to horses or pigs. It is the basest of commodities; it is the word we use when we can't even bring ourselves to call "food".

This is why AlienVault is powered by a Threat Intelligence Subscription. It is not the best term, but it is a small effort to recognize the effort made by the hard working researchers who come to work every single day fighting a battle that will never end. What they produced is not available in a mercantile store, it is a premium offering, it is something to value, it is what makes our lives just a little bit easier as we strive for better security.

Russ Spitler

About the Author: Russ Spitler

Russell Spitler brings over a decade of experience building products and startup companies that secure companies across the globe. Russ currently serves as the AVP of Products at AT&T Cybersecurity where he is responsible for cybersecurity product strategy and the execution of the cybersecurity product roadmap that has resulted in the acquisition of over 7,000 commercial customers and over 20,000 open source users during his tenure. Russ was also one of the founders and a driving force behind AlienVault's Open Threat Exchange- a crowd-sourced threat intelligence community with over 100,000 active users from more than 140 countries. His leadership and focus on practical and effective threat detection has helped establish AlienVault's open-source and commercial products as an undisputed industry leader. Prior to AT&T, Russell served in engineering and product management roles at Fortify Software. Russ was instrumental in developing and maturing the Fortify product suite that dominated the application security testing market earning the leadership position in the Gartner MQ for 11 straight years. Fortify's 750+ customers included all 10 of the world's 10 largest banks and all the major branches and agencies within the US DoD. Russell frequently contributes articles and quotes for major news outlets and regularly presents at industry conferences such as RSA, and BlackHat.

Read more posts from Russ Spitler ›


Watch a Demo ›
Get Price Free Trial