Proactive Security: Leveraging Data for Advanced Threat Detection by Justin Borland | Martech Edge | Best News on Marketing and Technology
Published on 2nd May, 2025

1. How can businesses leverage applied security data to enhance threat detection and incident response? 

The book is a great reference guide for measuring maturity and leveraging what you have effectively. It provides several easily adoptable methodologies to help holistically manage and utilize your security data. From discovery, to ingestion, to analysis and reporting, these methodologies provide sustainable frameworks upon which to improve and build. Learning how to measure your detection hypotheses and the required data to signal effectively will lead threat detection teams down a much shorter path. Real-world examples of streamlining ingestion, processing and analysis will quickly enable your teams.

2. What best practices should companies follow to ensure secure data collection, storage, and analysis? 

Know your requirements!  Governance is critical, not just to maintaining compliance, but to developing an effective program which can quickly evolve to counter threat actors with new hypotheses.  

By ensuring governance, engineering, and operations teams are all embedded in your security data strategy you enable both rapid response and innovation safely. 

We want all teams to be able to evolve quickly, run with scissors safely, and effect change within your wider organization to achieve desired outcomes.

3. What are the critical metrics and KPIs for evaluating the effectiveness of a security data strategy? 

Seek to understand your own organization, your risks, exposures, and adversaries. Building processes, procedures, and adopting methodologies to measure this repeatably is paramount.  

Start with basic health and observability:

- Feed fidelity & health (up/down time) 

- Feed usage (number of detections per feed) 

- Feed efficacy (number of true positives per feed) 

What can be done with what you have:

- What can I effectively signal on? What can’t I effectively signal on? Why not?

- Where do these detection blind spots exist on the risk register? What should be prioritized? 

- The number of secondary investigations initiated by signal. 

- The number of secondary signals for N-level triage (forensic images, DFIR-as-code) 

- Detection & countermeasures blind spots mapped to a common framework (ATT&CK, etc.) 

Finally understand how well you are performing: 

- How effective are the signals? What about signals per feed? Have they ever triggered? How often have you tested or tuned them? 

- Are the tests fully automated? Do they always fire as intended?  

- Do you test for false negative scenarios? 

This isn’t an exhaustive list, but I would start by answering those questions, and ensuring you have supportable frameworks in place to facilitate effective changes. 
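A small worked illustration of the feed health, feed usage and feed efficacy metrics listed above, together with a "has it ever fired?" check per detection rule. This is an added example, not code from the interview or the book; the feed names, rule names and records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data (not from the interview): per-hour feed heartbeats,
# analyst-dispositioned alerts, and the rule catalogue mapping rules to feeds.
HEARTBEATS = [  # (feed, hour, data_received)
    ("edr", 0, True), ("edr", 1, True), ("edr", 2, True), ("edr", 3, True),
    ("proxy", 0, True), ("proxy", 1, False), ("proxy", 2, False), ("proxy", 3, True),
    ("vpn", 0, True), ("vpn", 1, True), ("vpn", 2, True), ("vpn", 3, True),
]
ALERTS = [  # (rule, disposition) as recorded by triage
    ("edr_lsass_access", "true_positive"),
    ("edr_lsass_access", "true_positive"),
    ("edr_office_child", "false_positive"),
    ("proxy_dns_tunnel", "false_positive"),
    ("proxy_dns_tunnel", "false_positive"),
    ("proxy_dns_tunnel", "true_positive"),
]
RULES = {  # rule -> feed it signals on (hypothetical rule names)
    "edr_lsass_access": "edr", "edr_office_child": "edr",
    "proxy_dns_tunnel": "proxy", "vpn_impossible_travel": "vpn",
}

def feed_metrics(heartbeats, alerts, rules):
    """Return per-feed health, usage and efficacy figures plus rules that never fired."""
    intervals, up = defaultdict(int), defaultdict(int)
    for feed, _hour, received in heartbeats:
        intervals[feed] += 1
        up[feed] += 1 if received else 0
    detections, true_pos = defaultdict(int), defaultdict(int)
    fired = set()
    for rule, disposition in alerts:
        feed = rules[rule]
        fired.add(rule)
        detections[feed] += 1
        true_pos[feed] += disposition == "true_positive"
    report = {}
    for feed in intervals:
        n = detections[feed]
        report[feed] = {
            "health": round(up[feed] / intervals[feed], 2),  # share of intervals with data
            "detections": n,                                  # feed usage
            "true_positives": true_pos[feed],                 # feed efficacy (count)
            "precision": round(true_pos[feed] / n, 2) if n else None,  # TP / detections
            "never_fired": sorted(r for r, f in rules.items() if f == feed and r not in fired),
        }
    return report

if __name__ == "__main__":
    for feed, m in feed_metrics(HEARTBEATS, ALERTS, RULES).items():
        print(feed, m)
```

A healthy feed with zero detections and a rule that has never fired (the "vpn" row here) is exactly the blind spot the questions above ask you to surface and test for.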

4. How can organizations transition from reactive security measures to proactive threat intelligence? 

Organizations need to be able to evolve their countermeasures more quickly than their adversaries, in a safe, effective manner. Hypotheses need to be able to prove, or disprove, a theory so that lessons can be learned and applied more quickly. That starts with ensuring you have some ability to flexibly ingest and process your data. When incidents occur, sustainable mechanisms to detect the needles in the haystacks need to be quickly developed and implemented. Ensuring easy, governed detection development and quick iterations is critical to building an adaptable security operations and intelligence program.

5. How is cloud adoption influencing security data strategies?

Organizations need to have a game plan to effectively navigate and balance the risks and rewards associated with cloud adoption. Most organizations have some form of hybrid environment which requires a more holistic approach towards collecting, managing, and analyzing data. Understanding what the requirements are from a business, governance, and operations standpoint will better enable your overall execution. 

6. How can businesses integrate security data strategies into their overall digital transformation efforts? 

Adopting methodologies for each stage of your security data program will enable your organization to measure and improve your internal processes and their effectiveness.  By implementing these frameworks, solid foundations can be built to capture the full value of your data.