RSA 2015: Intel SVP looks to Moneyball story to inspire offensive strategies

At RSA Conference in San Francisco, Intel Security Group SVP and General Manager Christopher Young challenged the industry to write its own Moneyball story.
At RSA Conference in San Francisco, Intel Security Group SVP and General Manager Christopher Young challenged the industry to write its own Moneyball story.
Christopher Young, senior vice president and general manager of Intel Security Group, told a group of security professionals at RSA Conference 2015 that the industry may need its own game changer, or “Moneyball” moment, to effectively go on the offense.

To underscore his point, Young, who gave a Tuesday morning keynote in the Moscone Center in San Francisco, brought Billy Beane on stage during his talk. Beane, the general manager of the Oakland Athletics Major League Baseball (MLB) team since 1997, is known for making the decision to use sabermetrics (a statistical analysis of baseball data) to build a winning team in the Oakland A's – which went on to win 20 consecutive games, an MLB record that inspired Michael Lewis's 2003 book, “Moneyball,” and the 2011 film by the same name.

Beane said the filmmakers “nailed it” by casting Brad Pitt to portray him in the movie – but that, in all seriousness, the movie's depiction of collaboration, among individuals within and outside of the sport, was a key takeaway for security pros facing their own challenges to beat the odds.

According to Intel's Young, the security industry is going to have to take some risks to make headway in thwarting evolving attacks.  

While many in the industry have long-embraced the value of data analytics when scrutinising threat intelligence, Young offered that we're not getting gleaning enough, or the right, insight from the intelligence, alone. Instead we have more data, and more alerts to deal with, he explained.

One way to gain more insight from threat information is through focusing more on linking threat indicators, or alerts, to attack campaigns known throughout the industry. He also offered that the field may have to change how it implements or deploys security tools for clients, so there is “more of a partnership, than a product relationship,” between the security industry and organizations utilizing their offerings to deter attacks.

“We need to think differently about the data we've got,” Young said, before highlighting limitations facing the industry. “We've begun to place a premium on insight, but are we getting more insight or getting more data?”