Q&A: Ron Yorgason, Technical Integrations Director
Technical Integrations Director Ron Yorgason joined Flashpoint last September, bringing nearly 20 years of experience in software engineering, system deployment, custom integrations, and professional services. Since his days studying computer science at Portland State University—where he was an active member of the Computer Action Team—Ron has developed a deep, hands-on understanding of how to design, operate, and integrate networks and systems.
Ron recently sat down with us to discuss the numerous benefits our integrations deliver to users and partners, Flashpoint’s integrations roadmap heading into 2020, and his thoughts on the latest industry trends.
Q: We have some exciting integrations in development. What are some new use cases these integrations will enable, and how will they expand the applicability of BRI?
We’re just now getting ready to release some exciting integrations! While I can’t go into specifics just yet, we’re working on integrations to support diverse applications, from orchestration automation to real-time alerts. That’s all I can say for now, but stay tuned for updates!
Q: Can you walk me through some of the ways that our latest integrations augment partners’ IOCs and other datasets with Flashpoint targeted data acquired from highly curated sources?
There is no single source of intelligence that can capture every threat posed in the world. Attack methods—and the people behind the attacks—are in constant flux, and it’s impossible for any one group to track it all. Customers understand this, so they will select a mix of sources that will cover threats they might see.
Some OSINT (open source intelligence) feeds are noisy, with lots of false positives, but we take great care in making sure our raw datasets are high-quality and easy to sift through. Flashpoint’s collections span a broad range of sources, but these sources are carefully curated.
Q: Can you give some examples of how Flashpoint integrations can help customers take more well-informed, decisive action?
When we integrate our technical data and IOCs with our customers’ environments, they become actionable intelligence. You can automate certain aspects of cybersecurity by doing things like sending IP addresses directly to firewalls or URLs to proxy servers. In other words, you can prevent attacks automatically. Incorporating our file hashes can alert SOCs very quickly to malware on their systems, allowing them to contain the damage before it spreads or critical data is exfiltrated.
When you understand the enemy, you can develop better defenses and manage your risk appropriately. Having our finished intelligence directly on hand allows threat hunting teams to quickly sort through reports relevant to them, helping them understand who may be targeting them, why they’re doing it, and what approaches they might take. Our CVE enrichment data allows customers to identify which vulnerabilities are of interest to threat actors and which threats are of immediate concern. Armed with this information, teams can determine if they need to patch certain vulnerabilities immediately, or if it’s safe to wait until the next maintenance cycle.
Q: Flashpoint is dedicated to making it easy to leverage our unparalleled data and intelligence in our customers’ workflows. What’s an example of a time we’ve listened to our customers and incorporated their feedback to create integration features that support their needs and challenges?
We’ve been getting a lot of requests to make more of our datasets available via integrations. Our Splunk integration was released last summer, and our customers loved being able to use our data within their environment. After receiving feedback on suggestions for improvement, we’ve just released a second app that includes our finished intelligence reports, a dashboard, matching rules, and support for Splunk Enterprise Security. In 2020, we’ll work on bringing in access to our CVE enrichment data.
Q: What are some surprising ways that technical integrations benefit customers?
Hopefully there aren’t any surprising benefits. Everything we’re developing is for a specific reason and use case.
Q: In your 20 years working in tech, what are the most striking changes you’ve seen in how companies join forces through technical integrations?
I love how everyone is trying to work together to help simplify, streamline, and improve security. Twenty years ago, powerful technology companies were entrenched in an “Embrace, Extend, Extinguish” business strategy, with the intention of creating a monopoly of preventing competition. Many companies were focused on proprietary solutions to lock in clients, and there was no incentive for the big corporations to play nice with anyone. Companies would purposefully change their APIs just to break others’ attempts at interoperating.
But now, in the security space, everyone either has open APIs, or they wish they did. We’re all working to find better ways to provide customers with solutions that will help their team respond to incidents with efficiency and precision.
Q: What trends are you seeing now that you most look forward to watching flourish in the future?
I’m excited to see so many companies take security seriously. Back in the ’80s and ’90s, security was little more than an afterthought, either in how software was developed or how companies kept their networks secure. Nowadays, software undergoes more rigorous security testing, and companies must invest considerably into ensuring critical data is kept safe.
Microsoft, for example, is one of the numerous powerful technology companies that many considered to have followed an “Embrace, Extend, Extinguish” strategy 20 years ago. But nonetheless, just last week, the company announced a new Rust-like programming language with a secure garbage collecting mechanism to help make programs more secure. Instead of using it to lock people in or hurt competitors, Microsoft is making it open source, allowing others to benefit from their advancements. That’s the trend I’m most looking forward to seeing more of: people working together to make the internet a safer place.