As a young professional, I was exposed to the realities of cyber espionage and network warfare at a time when the security industry was mostly about theoretical attacks that drive sales of new security products. My mission has always been bringing the reality of cyber threat into the cybersecurity trade and aligning security efforts with threat reality. Now, more than 15 years later, the threat landscape has grown exponentially, and the need to understand the threats most relevant to organizations and enterprises is as big as ever.
Although not branded as threat intelligence then, vulnerability and exploitation information was the first actionable intelligence offering we saw in the market – informing when and how to patch vulnerabilities sensibly. When we launched the first commercial threat intelligence offerings in the market at iSIGHT Partners, the focus was almost the opposite – strategic intelligence to enable business executives to understand how to use their resources most effectively. Given that the threat landscape is too vast to defend against, business executives needed to ensure that investments in IT and Security aligned with threat reality – maximizing return on investment. In the years after, the industry has developed a strong emphasis on more operational and tactical intelligence. Answering questions like "Who is the adversary?", "What capabilities do they have?" and "How can we observe them?" allows organizations to deter threats, thereby designing a proactive security posture that protects their systems against known adversary capabilities.
Further, threat intelligence provides valuable insights in incident response situations: staying in control by understanding enough context to keep the high ground, and reducing time to detection and time to remediation.
Threat intelligence is only valuable when used effectively. We founded EclecticIQ to help organizations turn threat intelligence into business value, by helping threat intelligence analysts consume, analyze, produce and disseminate intelligence. Additionally, we strive to help security operators, risk managers, executives, threat hunters and incident responders use threat intelligence effectively in their practices. EclecticIQ Platform provides the technology stack to enable analysts and improve detection, prevention and response. EclecticIQ Fusion Center offers our customers access to the world-leading intelligence suppliers – like Farsight.
We connect the world’s leading intelligence suppliers and, contrary to popular thought, there isn’t much duplication in the market. Farsight helps us connect the dots between suppliers. It creates the context required to do proper investigations across data sources. Additionally, when we look at how actionable intelligence really is, adding context to indicators of compromise through Farsight’s products has been shown to be invaluable in understanding where cyber threats start and end, meaning that without the context provided by Farsight, we miss opportunities to detect, prevent and ultimately respond better.
It’s not always about having the data, but equally about connecting it: connecting telemetry from the network to telemetry from endpoints, or connecting threat intelligence with telemetry to support detection and response. We don’t spend enough time considering how to connect these dots. Passive DNS, Whois information and other metadata improve the ability to close the gap more quickly.