Accenture Security acquired VeriSign’s iDefense Security Intelligence Services in 2017 and has worked over the past year to integrate the threat capabilities it provides. For Tom Parker, managing director of Accenture Security, threat intelligence along with coached breach simulations are key steps to helping organizations improve cyber-resilience.
In a video interview with eWEEK, Parker discusses how the iDefense threat intelligence services have developed under Accenture’s ownership. Parker also provides insight into how Accenture’s Red and Blue team efforts have been branded as coached breach simulation to help organizations improve security posture.
“What’s really different about iDefense today from where it came from within VeriSign is the fact that it is now in a security services organization like Accenture,” Parker said. “We don’t just sell it [iDefense] as a feed, but we make it an integrated part of our managed security services, incident response services, threat hunting and red teaming.”
As part of Accenture, iDefense still has a vulnerability acquisition program, called the Vulnerability Contributor Program (VCP). With the VCP, iDefense pays security researchers for vulnerabilities. Parker said that Accenture’s clients sometime also have their own bug bounty programs that encourage researchers to responsibly disclose software vulnerabilities.
Parker joined Accenture Security in 2015 through the acquisition of FusionX, a company Parker co-founded in 2011. Parker noted that FusionX formed the original basis of Red Team cyber-security at Accenture.
A Red Team takes an adversarial approach to trying to infiltrate an organization’s defenses, with the idea being that it can lead to the identification of possible areas of weakness. On the other side is the Blue Team, which aims to help an organization deal with an adversarial attack. Parker said Accenture Security is taking what he calls a coached breach simulation approach, which combines Red and Blue team efforts.
With coached breach simulations, Accenture is able to sit beside its clients and see the things that they’re doing as Accenture’s Red Team simulates as close to a real breach, as possible, he said. Accenture then also helps organizations in real time as part of the simulation to defend against the attack.
“One of the things we’re doing as a core metric is reducing our client’s time to detect and respond,” Parker said. “Through something like a coached breach simulation, we can help the client realize that and make sure the next time something happens—and it will happen for real at some point—they are as prepared as possible.”
Watch the full video with Tom Parker above.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.