Video: State of Threat Intelligence 2025 (NA) | Bridging the Maturity Gap | Duration: 3224s | Summary: State of Threat Intelligence 2025 (NA) | Bridging the Maturity Gap | Chapters: Welcome and Introduction (5.2s), Introducing the Panelists (131.975s), Threat Intelligence Importance (321.14s), Threat Intelligence Applications (432.11s), Strategic Threat Intelligence (901.55s), Advancing Threat Intelligence (1431.845s), Operationalizing Threat Intelligence (1782.235s), Integrations and AI (2108.82s), Future Intelligence Strategies (2559.77s), Concluding AI Perspectives (2948.67s), AI Augmenting Analysts (3337.82s)
Transcript for "State of Threat Intelligence 2025 (NA) | Bridging the Maturity Gap":

Hey, everyone. Welcome to today's webinar. I'll give people a moment to get to their seats, get a drink of water, a cup of coffee. Probably too early for a beer, but, you know, I don't know where you are in the world. It's 5:00 somewhere. But we'll get started momentarily. Alright. Let's do it.

Hey, everyone. Welcome to our webinar on the 2025 State of Threat Intelligence. I'm excited to be joined today by three exceptional speakers, which you'll get to meet in a moment, to help unpack insights from our report and provide their own unique perspective on how they're using threat intelligence or working with our customers that are using threat intelligence.

But before we get into it, just a few quick housekeeping notes. The recording will be available shortly. That'll be sent around to the email you registered with. We won't be sending around slides. To be honest, it's about five slides, and one of them just has our pictures on it. So I don't know how useful you'd find that. But if you do wanna review the slides, you can you can definitely find them in the recording. And then questions are strongly encouraged. You can put your questions in the chat whenever they pop into your head. I wanna assure you there's no such thing as a bad question. You'll see Connor just posted in the chat. You can also post where you're from or, if you have any opinions that you wanna make, throughout the webinar, feel free to do so as long as we keep it PG.

But with that, let's, let's get to our experts. So I'll have each of them introduce themselves and give us a bit about their background. And since we're in the festive season, I'll add on a little icebreaker for them, and ask for their favorite holiday movie as well. So, Jack, why don't you come on stage? We'll we'll intro you first.

Hey. What's going on, everyone?
My name is Jack Watson, and I'm a senior threat intelligence analyst, within the financial services sector here at Global Payments. Little bit about me really quickly, worked in quite a few different critical infrastructure sectors. So currently sitting in financial services, but I've been everything from health care to defend to the defense industrial base as well as the intelligence community. Favorite Christmas movie by far Christmas Vacation. So National Lampoon's. Without a doubt, watch it every year.

Awesome. And, next, we'll bring up Omkar. It's quite the, quite the task. And I'll bring on Nick next.

Hi. Good afternoon, everyone. Nick Reynold. I'm a senior intelligence consultant here at Recorded Future. I currently work on our US public sector team about I've been with the company for about four years. And prior to that, I worked, on more on the enterprise side, servicing our clients. Prior to Recorded Future, I spent about six years in the US federal government. I started the Treasury Department and then finished off at the, in the intelligence community, primarily working on counter proliferation related issues, and then finishing with, with more cybersecurity related focused issues. So, nice to see everyone here, and, hopefully, we have a good conversation. Oh, yeah. And then my my favorite movie. Yes. So, without a doubt, my top one is, Nightmare Before Christmas. I'm a big Tim Burton fan. Been watching that since I was, like, a little kid, probably too early from when I was started watching that, in life. But I will say, Jack, I would say Christmas Vacation is probably a very close second for me as well. That's one that is routinely on around the holidays.

Awesome. And last, Sam Meinrock. I'm a team lead on our product marketing team. Better by Recorded Future for a little over four years now. My fun fact is that after the Mastercard acquisition, I have now been at two different companies that have been acquired by Mastercard.
So a little fun fact for me there. But, let's dive into it. So, you know, now that we've met our panelists, I just wanna quickly cover our 2025 State of Threat Intelligence report, which is the third iteration of this annual report. So the report was put together using survey response data from 615 cybersecurity executives and practitioners and compiled and analyzed by an external firm called User Evidence. You know, perhaps someone in the audience, was actually part of this survey data. But if you haven't downloaded the report yet, you can do so, in the resources section. And then on the slide are some key stats kinda pulled out to illustrate that threat intelligence has really become a strategic imperative for organizations across the globe. So 76%, we found, are spending over 250k annually on threat intelligence. 91% plan to increase their spending in 2026, and 87% expect to advance their maturity over the next two years.

So to help us really unpack the findings for the report and get their advice on improving threat intelligence maturity, I'll, I'll turn over to my panelists, and we'll start with why we might think threat intelligence is now mission critical. So according to the report, threat intelligence isn't just a SOC tool anymore. 83% now have dedicated threat intelligence teams, and more than three quarters rely on threat intelligence for frequent decision making. So, Omkar, I'll I'll start with you. But in your role, and if you can kinda describe your role to start, what are your primary use cases for threat intelligence, and how does it influence real decisions on a daily or weekly basis?

Everyone. I'm Omkar Nimbarkar. I lead the cyber threat research and intelligence team at Adobe. I've been working in cybersecurity industry for the past twelve years. Primarily, I've spent a decade working in cloud security, doing architecture design reviews, threat modeling, and, building automations.
And from past couple of years, I'm I'm focusing on threat intelligence and building Adobe's cyber threat research and intelligence program. It's a pleasure to be here. Looking forward to the conversation. And as far as my favorite holiday movies goes, I like, Home Alone, the entire series. So I'm going to spend time watching watching that entire series throughout these holidays.

Yeah. Amazing. Jack, I'll turn it over to you. Obviously, slightly different space being in financial services. Do you find, you know, the your primary use cases to be slightly different or, you know, fairly similar?

I think, overall, I'd say pretty similar. You know, of course. So I'm I'm more on kind of that, end user that, side that Omkar had described. Right? So, me and what my team does specifically is sort of that that research, that investigation, doing the actual tracking and monitoring right of the current threat landscapes. And I feel like a lot of, you know, threat intelligence organizations across different industries kind of do the same thing. But the difference, right, is, like, each industry and each team, each organization has a different, what to be concerned about, right, thresholds. So, for us, for example, like, you know, what we do leads, determinations about what to hunt and, what adversaries our red team should emulate. And then, of course, like I'd mentioned, right, our our threshold for what to be concerned about kind of exists more along that, financial services space.

Great. And then, Nick, over to you. Obviously, you work with and have worked with a number of Recorded Future clients. What do you tend to see primarily be the the use cases that they want to improve or kinda introduce into their organization?

Yeah. Thanks, Sam. So I'll take a little bit of a different tack here. I I think one of the things that has come up routinely with me over the past year for sure, as it relates to threat intelligence and and making better use of the intelligence that they.
get from Recorded Future, So I will begin with my role. understanding, I lead this Habitat Research and Intelligence they should. prioritize, for have a team threat security perspective, researchers, behavioral as well as, day in and day, you, know, the traditional tracking, is to keep a tap on evolving. threat landscape are two, things where when I've worked with, teams that have said like, hey. We have a, whole bunch of different data feeds. make sure, have, all our information. defense posture kinda swimming in information. figure out, like, We wanna really find a way to synthesize that, materialize and then that way, our makes. it a lot easier to understand, alright, for the vulnerability of the use cases, which one have, should be and as we build this program, on we focused on all three verticals to an intelligence, intelligence tactical, informed, program for that? intelligence. So one of the things that different done with clients, if they haven't those three verticals. it in the platform, Primary ensure case they're actually making use of those priority, threat actor maps and the priority malware and. actionable insights, It it's a to combat know, threats depending they arise, where an organization is and their, the stakeholders know, their threat intelligence team and cycle and their maturity process, so that we have, we do have to typically do some some, around whatever is happening in the environment, some work prior to actually is, behind it, and start, predicting priority threat actor map and might malware. be able to, next in our environment. having organizations better understand where they should be focusing on in terms, of threat actors and, piece. And other one is also huge step forward and I think lays, the groundwork for a lot of other work that we do with them, workflows and teams, as it relates to, our different, formalized engagements Adobe. with the court of future. The second is operational intelligence, Yeah. where. 
primary use case is, talking about expanding on intelligence that we are getting from external business, community, Omkar, obviously, evolving threats that we are seeing across the industry, massive business that, intel product lines. and using that as a means have you kinda used threat drive, a lot of the threat hunting activity in our environment, drive different outcomes, also, workflows, using visibility as a means to instrument teams, new detections know, to monitor in the security org? activity in our environment.

And the third pillar is strategic intelligence, which, comes down to your second part of the question where, really the use case over there is once you have covered, like, tactical and operational intelligence, all of that falls into strategic intelligence. Because once you start doing this day in and day out, you uncover patterns in your environment. You uncover what your posture looks like, where your true risk resides in, and use that as a means, to, inform business on the changing threat landscape for better decision making. And, over here, we really use it as a means to brief executive leaders, and provide regular threat briefings so that they can be well versed around evolving threat landscape, have better understanding about where our true risk lies, and then come up with better plans to prioritize and remediate those risk in our environment.

Amazing. And, Jack, I I watched your presentation at our at our Predict conference, back in October, you know, talk about how you kinda uncovered some different fraud campaigns. But if we think about, you know, how we help with strategic decision making using threat intelligence, what are some of the ways you've gone about doing that?

Yeah. And and I think I kind of alluded to it a little bit, so I'll regurgitate my my presentation just shy, here or, like, a little bit here.
But, I think one of the biggest things is, understanding that one alert opened and one alert closed does not necessarily equate to one single adversary being stopped has drastic impacts on how, intelligence is approached, right, and how decisions of the business are made, whether that's from a security perspective or something else. Right? And so understanding that adversaries, whether one or many can be approaching your organization from multiple facets, right, just kind of changes how those strategic decisions are being made. Because now it's not just, oh, well, make an alert or add a block for this or that. It's like you have to do this further research and investigation. You need intelligence teams to be producing intelligence that can help make and drive those strategic factors that at the end of the day, everything is not just tactical. Right? But it's a much more holistic approach to looking at at problems. Again, shifting away from that alert focused, right, or, like, the the going towards the behavioral. Right? So things like that really, really matter.

Yeah. Nick, when you are working with our customers and and maybe actually going up the chain to talking with executives, how do you explain the value of threat intelligence?

Well, so that's one of the biggest questions that pops up for us because, obviously, as I'm sure any everyone on this call is aware of, money does not grow on trees and, you know, organizations and specifically threat intelligence, CTI teams are you know, they're dealing with limited pools of resources that they have to you know, all of the vendors and tools that they have, they're constantly having to prove the value of that. So when it comes to, describing why threat intelligence is useful, it's almost I usually try to frame it with clients as this is a foundational part of your intelligence program.
And if you use it correctly and it's and it's shared the intelligence is shared with the the necessary and correct stakeholders on different teams, you're almost as, you know, an intelligence professional for a CTI team. You're serving as, like, the point guard. good question. You're throwing, up the the layup. as as I, started building know, this program at, Hadoop, my initial that basketball definitely, on internal, stakeholders within the security org. and how they can find, they get more wins, it's gonna reflect overall intelligence those CTI teams that are. delivering the useful you actionable navigated that. and get a good got a good handle specific client, on your internal is there, is one of mine in the past that, it's a good time to expand it to the external stakeholders. our identity intelligence as. you mentioned, like, Ruby were getting. great, We have different were getting great feedback from. them on the Kade. So we are figuring some really good info stealer malware provide here that we threat feeder visibility into different. products and services, But then one of the things that popped up that we realized was, kind of an issue was they said, rich not really communicating with our IAM team, or, we're not we're not sharing this intelligence, with them. And, monitor, that's specific red flag for us. We're like, well, and do, they're they're the the key stakeholder that you want, to see that. So any events a lot of kind, of back and forth, in their environment garnered that initial, to also to block activity know, in some cases. that, we have with our our direct stakeholder confident used, indicator, use that to open up a new conversation for the IAM team. malicious, And it was like, you know, high degree of jelly, once they they started talking more, and and started making better use of that intelligence. 
a means, to product kind of one mini they can go and figure, out how they can integrate, getting connection with the correct teams, and then block of value for, for the the work that's put in the initial, investment, with intelligence, or other, can really, types of indicators in their, environment. provide But, a much better downstream effect, since Adobe is huge, and we have different business leaders. lines, it Now does anyone one standardized any. basketball, there is no one size that fits all. they're at it? So we are going through that challenge right now where we are figuring. out how this can be. integrated more and more think about different business units. the report, But our initial, focus has always been the value that threat intelligence security provided, organization we're seeing and then expanding it to rest of the business. planning on increasing their threat intelligence budgets for next year. How much that may be, I'm not exactly sure, but there is certainly strong momentum behind driving investment. So, Omkar, I'll I'll open it up to you, but half of organizations, based on the report, now consider their program to be advanced. You know, how would you describe a a more high maturity team as functioning? Yeah. No. It's that's great. And and, Jack, curious to get your opinion. Are you kinda following the same track, or is there anything, that you'd wanna add there? opinion, maturity. of really. threat think comes it right there. you have done all the foundational for taking, on my, like, taking on my beautiful content now. that I mentioned, I I think, truly at its, core, and strategic. That is, a, a mature organization that you or team really in this instance, reach, is classified of those categories. its ability to, you have done that, both it, is more about efficiency that intelligence. that they're able to, Once you. have? identified it's workflows, for example, the issue is in, the way guess, that even the issue. threat? 
sheets ability to ingest your indicators hasn't ever been your. detections. Right? A lot of things are such, like, turnkey, built a nice automation, over there, right, we see that it's also never been harder to sift through. will? aim for, we're seeing more mature, organizations going to be making things that you have high fidelity, of indicators, using tips, the board so so that you are all, kinds of fun things like that, like developing custom capabilities ratio do reduced of this, collection and action, you have more, high quality unique ways. But at the end of the analyst it is more effective, and looking, at. and to make that determination for why intelligence, is important. But, understanding who, do wanna emphasize the portion how. It's not about doing all these. things so that you can hit a higher quantity, getting in front of the stakeholders being quality. and having? So we're seeing mature organizations detections engineering, or threat hunting also similar sure the quality of what they're red team, is is, above par. that Jack? You. don't just wanna be spitting, out random that, AI props. relationship and workflows is one. thing. No one, wants, the, the AI slop your adversaries are and how, they are targeting you, what their TDPs many things. like, But, what are those, automatic know, you've you've worked with many of, our customers and how on the lower end of maturity. provide this intel to the stakeholder think they can take that next step to kind. of realize then collecting metrics. that that Jack, and Omkar the outcome talked about? that your threat intelligence program had. overall I think on the lower end, those teams? How many and, again, detections end of maturity could be that as a result of intelligence that was CTI shared? team or hunting would say in more cases, or operations were were run by hunt team not, or red situation that I've run into the intelligence there's was person who's wearing, your, team? 
four hats and, threat intelligence the quality one of them. the intelligence? Was it just like, CSO, was like, you're doing this in addition to your other work. So in those we are just you're trying to take you. as much off of that person's the job of, threat intel least in my role what threat intel team. should be doing is understanding, And, I think one of the things reports, that that they can, do because if even if it's a single, individual, if they have the correct questions that they can ask of their stakeholders, that for your own organization, to a point where they have it actually requirements for your end stakeholder. feeding into the intelligence the, key here is actionable is one thing that I I see for. a lot of mature want to organizations. You know? get to a threat organizations was active a the industry, person who's, like, like, sole focus is doing collection, and you're only getting to it right, now. So what it's really in, the game of getting ahead the the correct feedback goes back into that intelligence cycle. loop. So for the lower maturity on maturity, orgs, in my opinion, sometimes just getting a can, make all these workflows more and more efficient, intelligence requirement them as much, as you can, especially using gonna. put put them on a really good path, forward, we are we all are seeing so much working with with limited resources the industry in form of EIs and LLMs. them to understand, like, hey. Then maturity CISO cares about a, these, technologies c. to while we do have collection faster c, at, what they e, are doing so that they don't have to kind that we don't have the time the reports the ability to focus on that first. what's in that for. the low hanging fruit and ensure any what we're pulling in is relevant environment, or is there senior, leadership's related. 
vulnerability in your environment, Because at the, end of the day, You can actually use AI senior leader kind, of analyze that entire to be, report, you know, take out relevant or providing from those reports their suit whatever, piece of intel, that might have might don't wanna be providing your the incorrect stuff that then, probably reflects poorly, like, automated your intelligence sweep. So I would say for the and kinda up with granular that, analysis for the lower your teams, CTI analyst, actually spends more time analyzing intelligence results and doing your your necessary after that than, doing, a lot of the foundational before, you can kind, of get down into any of the more advanced. workflows. So all of that could be automated. And. in know, my. opinion, Jack, that's the maturity. know I asked you guys, once you have achieved a high maturity, once you have, threat intelligence program looks like. these workflows, Do you have any advice have automated as much as you can and optimized and made the audience efficient, who and you think of themselves more as low maturity across, your environment advance devote a? little bit more on strategic intelligence. In my opinion, that's, like, a very good maturity and a advanced need for a CTI program. No. It's amazing. Jack, any anything you wanna add there? Yeah. I think I'll even take it a step back from that too. I think one of the big things too is actually, like, you know, the the know yourself or know thyself mantra. Right? Like, understanding your organization's products, right, its environments, etcetera. I I I think Omkar did a really good job explaining, like, understanding and making it clear that a CTI team is a dedicated function. I mean, I think CTI analyst almost kind of act as a jack of all trades. Sure. There's, you know, niches and specializations, but, a lot of times, stakeholders can actually see interactions with you, especially as you're just starting up as, like, actually more work than benefit. 
Right? So coming with a list of ways that you could help or even problems that you might foresee just by doing research on your organization, perusing your Internet site, right, can allow you to be met with, like, much more, you know, warm welcoming arms as the, hey. We're here to help, not give you more work. Right? So I think those things are really important to consider as well.

Definitely. And then moving on, thinking about what's still hard for security teams. So one of the things that, you know, we love to do with this report is be able to interview such a wide swath of people that are working in the threat intelligence space and understand what their pain points might be. So some things that we saw out of our respondents was they, when looking at the threat intelligence vendors they use, you know, they found lack of credibility, unable to integrate into other tools, information overload. You know, you guys have obviously been in the threat intelligence space for for a while. When you talk to your peers or even some of the challenges that you've experienced yourself, what are the the top challenges when it comes to really being able to operate operationalize threat intelligence? Jack, I'll turn it back over to you.

Yeah. I think the biggest one that I see, just kind of across the board, and I've definitely said it before, really is information overload. Like, it it it is it is so easy now. Almost every tool and feed has an API or an RSS feed or, you know, a custom built in integration that it really can, present challenges, right, to develop methodologies to prioritize the information. Right? Because it can be so, subjective that the solution then becomes, oh, well, I should just collect everything. Right? Which then kinda leads to more information overload and subsequently burnout. Right? So making those determinations are super important, but it's super, super hard.
And I definitely see that and not it's also a problem I don't foresee start away, anytime soon, but finding the happy medium is can have be the solution. And what that looks like. is gonna be different across each, organization. threat intelligence or even detection engineering, don't we call right now, our marketing threat hunting, used to be part of, to, all of the data team. and. to all, of the APIs? all of these. functions. Well, I mean specialized I'll and I'll also their own. specific mean, use cases. more data is always we see dedicated data, teams across. you. have to start with the big lake to get, the magnifying. glass. I would? start you, don't, wanna you don't wanna be, doing, everything, how you can have wanna be doing not enough. intelligence always having the baseline what your strategy would look like. a great start, you you need to understand able to whittle it down or, else it's useless to you. that you can start. Yeah. marching a great point. specific direction. Okay. Over to you. And once you have do you tend to see? vision, that is clear and, you have, like, a really good North star, then it's more about figuring out the foundational stuff. As Nick mentioned, like, understanding the requirements, collection requirements, and what really matters to your stakeholders. Like, go and, do interviews with your stakeholders, sit down with them, and understand what actually are their pain points, what the data that you have from intelligence perspective, the threat feeds, indicators, different types of, briefings, how that could be useful to your end stakeholders. Really sit down and instead of boiling the ocean, prioritize one or two, stakeholders where you really have the data and you can show some progress and wins. And once you accomplish that, then then move your way across other stakeholders. 
But really start small, demonstrate success to your leadership, to your organization, show some success in terms of outcomes that you are getting and value that you're getting out of the threat intelligence function, and then scale eventually.

Amazing. Now, Nick, when you start working with, some of our clients, what are they maybe have been burned by in the past or are like, I just I don't like threat intelligence because I usually have these types of challenges.

I don't know if there's one that comes to mind for, like, something that they were burned by, but, a routine piece of feedback that I hear from folks is, like, I I have so many tools that I'm dealing with on a daily basis, and, like, I I like working out of, this tool primarily. So, like, you know, something that comes to mind and and, again, it actually is a good segue to what Omkar was saying before about, you know, the importance of integrations. I think there's so many different good tools out there for for whether you're a CTI analyst or if you're just working in a SOC. You know, there's there's a lot of good information that I think tends to live in silos. So, my experience, that's one of the things, in the the four years or almost four years that I've been at Recorded Future that I think we've made a lot of progress on is having better integrations and having easier integrations. So, you know, historically, maybe it was a much more, piecemeal process using APIs or using, like, custom scripts that folks built. Having the more, you know, more of the out of the box integrations, I think, gives clients the ability to, consume intelligence in in the manner that they want and the location they want. That might just make their lives easier. You know, certainly, there's benefits of living within the the front end UI for a Recorded Future. There's a lot of, you know, that's that's where I spend most of my time.
But, again, when you put yourself in the shoes of that, of the the downstream stakeholder, that's not at a vendor, they might have a tool that they they really enjoy. So, you know, ensuring that they have the correct integration set up, you know, one thing that comes to mind is our our our integration with Splunk. You know, for a client would double that was doing the information overload hunts in the past, that Jack mentioned because know, that is the theme discussed I am also ability across the industry, have automated for it hunts a lot, of new tools, within the mark, like, saved the market. a ton of time, and it, was something will, go back think, to the AI and advancement and, meant in AI. assumed has folks so much that integration connect and integrate a feature. with different was like, hey. and ingest up on a call, across they didn't. realize that that was something they can do because they were, fairly are seeing the team. growth, in, the data, that to me is like a you are just, consuming and ingesting. that saves them a ton of time only use their lives can, make sense out the long data. and, figure, out what really is integrations actionable sure. is something that comes to mind. as Jack mentioned, like, Amazing. any day. we would prefer having more data than or no data. into even, like, looking ahead have the future, data, figuring out, but, before you can contextualize, different elements free that data, to ask any can normalize might have. data firstly, Obviously, what your schema, would be so that you, can contextualize experts correlate very well respected, companies and then, the dataset that, you might be handling. our, internal from of, experts. based on context, what you do have any can derive is going to be the key. how should I be using threat intelligence, you to do can I improve, you need to, have integrations as well, what is yet be looking for feel. 
in, So informational hire, load is first, and second, is integration because for ask, you to contextualize on this, session? you need free to drop those questions in. in place I'll get to one more question that we have for our panel. support various types of integration in you to contextualize. report, we found simple example of this could be, like, a indicator on its own is not useful. Like, evolution example, IP address. of their threat intelligence of the time, IP address on its own is not useful, to twenty four months? need to contextualize So in terms with, like, Jack. what is the were? gonna advise Is is this a known IP address, used by any threat actor, on where they should focus this part of any campaign when it was last next twelve to campaign? twenty four month period, are different elements, what would you advise them to your? security teams need to ask to the data. And I think it differs until per contextualize, but I think different of, a good blanket a single tool on its own won't be able. to provide now we're seeing, of course, the context, that you need. large, So you need to integrate with being made, in AI and things like source, And I hate well be the guy that just preaches about to you know, how useful. it is, And you gotta do this, do the tools need to support least from a threat intelligence you, to actually, make it more the technologies we're gonna see that are gonna advance stakeholder. significantly in the next twelve to twenty four months, let alone the next five to ten years. Right? So figuring out ways that it can be useful or advantageous for your organization is gonna be huge. Right? Because they're technologies that are gonna constantly be advanced. They're gonna keep getting new features and new capabilities and things like that. Right? So this is a technology that exists that's going to be extremely scalable. Right? 
And it's not often where we see a technology or a tool or a platform where you kind of don't know what it's gonna look like, but in a good way because of how advanced it's gonna be. Think about it as a tool or capability that's got no budget. Right? And so that's something that can be useful for you because for free, you have access to almost everything that you need, let alone for a small price of, you know, whatever ChatGPT's AI runs. But it's gonna be there for a while. It's gonna be super thought out, and it's always advancing. So just think about ways that you can use that to your advantage. About $20 a month. I think I just got my statement on that. So expensive. Cut it from the budget. Omkar, over to you. I know you've done a lot with AI. Is that something that you should be focusing on, or is it kinda somewhere else? Great. And, Nick, to round it off, you know, if you're going into a customer business review and they're asking, Nick, I need to know what I should be focusing on the next twelve to twenty four months. Where would you steer them to? Something that's come up routinely over the past several months, but certainly in the past few years as well with my clients, is that they tell me that they wanna get away from the reactive defense aspect and more proactive. So one of the things that comes to mind is, you know, threats to their supply chain as, you know, primarily that over the past several months has been from ransomware, from my direct clients. So I would say getting a better handle on and working with, like, maybe third party risk management teams to better understand what your supply chain looks like from both a hardware and software perspective. But, and I think when it comes to shifting to more of a proactive defense posture, a lot of that what we discussed already, you know, you have to build the baseline for healthy intelligence programs to get to the more proactive aspects. 
So I would say, you know, if there's any low hanging fruit over the next twelve to twenty four months for organizations, regardless of where they are in the maturity scale, I would say ensuring that you have good, solid relationships with your stakeholders. And in terms of it being a two way street, getting feedback from stakeholders on the effectiveness of the intelligence you provided, but also better communication with the teams that, you know, maybe prior to the past few years, maybe you haven't been working with them that closely. So understanding what the different stakeholders within your organization care most about. And, certainly, you know, one last thing I'll mention about AI because, you know, Omkar and Jack were just mentioning that. Certainly, it really depends upon the AI tool you use and how you use it. Absolutely. I I'm of the belief would definitely expand on what use it correctly, it shouldn't I don't think, folks should really, view it as like, oh, actually thing will eventually have been doing job or something like that. as well. Not to say that there isn't threats to that, for would, also say, like, using AI, other a, means to connect, the CTI, like, external intelligence to your, internal data, it as an effective tool in your broader quicker, signals think, just makes you more effective, results, at you know, as a result. based on the correlations. And one one way just to give you an example, you know, that, using, like, think about the scenario where, AI, there are, example, like, external reports, to, help build reports, threats, something like taking away evolving that, threat landscape where, would have spent would have required you to spend so many of man hours come. out every day, try to figure actors ways to use AI, to just, threat actors, automate after the the boring things that, I don't wanna do in my daily job. 
threat, actors going after think if, the specific the extent the, organization allows and, stuff like that, or they're going after different AI. tools, certainly compare them, a lot to keep on tap, use the ones that, on top of. make your lot your your day to day job, kind of analyze. all this emerging threats, but also. married. with internal data. So your AI shouldn't be only up to to questions giving the audience, analyst, but, hey. This is, like, new threat within the industry, myself, actually. but it should go a little bit beyond that. all kinda covered integrate with your internal data. question, Like, for example, concerned there is a phishing campaign we be with are indicators, or if there is? a research that has been done released a blog campaign, that one of our our researchers can do a fleet sweep about your Office 365 or whatever hype that you might have? for email, to track down phishing campaign start with Jack. if you're seeing any activity, how do your environment of view this quickly new can pop that alert? to your SOC team or incident response team to go, Yeah. I think I think we're kind of just on the cusp of it. processes. I really think we're gonna get into it here probably can the next five years if I had to guess. evolving, threat landscape an analyst, and connect that say likely. your internal, data streams, in reality, the faster you will become. starting to see, And focusing on this for next twelve to twenty four months is going to be the key because exist just outside not going to slow down. the scope. They are just now, going primarily, we're seeing keep on, exist as a way to expand the scope that, like, faster campaigns their campaign, can reach, especially. using I. can do that in a very, figure out nice defenders how But I don't remember if it's prompt prompt be, much excuse efficient it's prompt faster at defending an article about it. 
where, there was I think again, you're gonna have to go and look it up because I can't give you the specifics. But, essentially, the first time we're starting to see AI created malware that's, you know, almost acting based on the adversary, like, operating system. So it doesn't define or deploy its actual shellcode until it looks at, and then it will create based on its target kind of operating system or environment. Right? So we're just getting there, but it's not quite there yet. But I think that if I had to make one big prediction, as soon as one person does it, you're gonna see everybody doing it. It's not gonna be, like, one or two adversary groups doing it, but it is going to expand quickly, very, very quickly. That's a very interesting take. Or Nick, anything you wanna add there? Great. Although, kinda scary. Nick, anything you'd like to add? Well, so I saw that there was a question in the chat here from Chris Woolley that I think, you know, I'm happy to take a stab at here. The question was, do you foresee a time when an AI can replace a junior analyst, or should we always have a human in the past to response slash reporting? The way that I view it and, again, it's hard to predict where we will be as it relates to AI in two to three years from now, let alone a longer period of time from that. But I would say currently and on the trajectory that we're on, I don't view, you know, more junior, quote, unquote, junior analyst roles being completely eliminated. I think it's more likely that we'll see them evolve. I think the future analysts are more likely to become, you know, more subject matter experts where they leverage different AI tools, you know, to handle routine work, and then really kind of focusing on the unique human skills, or on high value tasks, understanding, like, what their you know, the human aspect within a leadership chain, what they want. 
That sometimes is not as easy for an AI to understand if, you know, just looking at data. So I think I don't expect those roles, at least currently, to go away entirely. I think the successful ones will utilize those tools to their advantage. And, you know, I think by doing so, it should allow them to really kind of show to their leadership why they're a useful, you know, cog in that machine, so to speak. Yeah. I think back to, recent conversation with you had with our CISO, Jason Steer, where he talked about how kind of some new product development on the Recorded Future side has helped one of our interns be able to run threat hunts after only a few weeks on the job. So being able to really lower the barrier to entry for less technical workers, I think, is an interesting look at how organizations can leverage AI. But, Jack, Omkar, interested to see your take. Sure. So as Jack mentioned, like, initially, when AI trends started picking up across the industry, we started seeing a lot of deepfakes, impersonation, and also really good phishing emails. Like, you can't really distinguish just by looking at it whether this is a real email or a phishing email. So that's how it started, but then slowly going into the malware space like, prompt flaps that Jack mentioned. Also, if you read out the latest report that, I think it was Anthropic who came out with in terms of how adversaries are using their tool to carry out specific operations and target specific victims, based on those campaigns. So this trend has just started, but it is going to Yeah. I think I'll echo bad over Nick period Omkar years. said. I don't think it'll replace, And the really downside think what a junior this looks like in the next five years is going to change, drastically. initially, there used to be sophistication in the long term, we used don't worry. about, from, adversarial perspective. 
just to echo the fact to be nation state actor that position will look like and what they actually do would have, just, really good there always will be a, junior analyst. in their arsenal, will be a human. to kind of, carry out those sophisticated Great. attacks. And I know of AI, are has brought that sophistication, so everyone across the board, which has which has our presenters. because of which we will start seeing if of, you have not downloaded the 2025 growth of threat intelligence attack campaigns yet, that we will see across the industry. can do so in the docs tab or on the Recorded Future website. But thank you again to everyone attending today's session, and a big shout out to each of our speakers. Thanks very much, everyone. Thanks. Thanks, guys. Take care.