The Gately Report: Trellix Threat Intelligence Leader Expects Cybercriminals to Pounce in Hurricane Ian Aftermath

Russia is planning massive cyberattacks on Ukraine and its allies.

Edward Gately, Senior News Editor

September 30, 2022


Trellix threat intelligence leader John Fokker expects cybercriminals to take advantage of Hurricane Ian’s devastation in Florida and other states much the same way they did during the COVID-19 pandemic.



Fokker, Trellix’s head of threat intelligence and principal engineer, spoke during this week’s Trellix Xpand Live 2022 conference. He and Doug McKee, principal engineer and director of vulnerability research, detailed how the company helped law enforcement take down the notorious REvil ransomware gang. REvil was responsible for last year’s attack on Kaseya.

“We help catch bad people,” he said. “That’s what gets me going every day.”

During his career, Fokker has supervised numerous large-scale cybercrime investigations and takedowns. In addition, he’s one of the co-founders of the NoMoreRansom Project. The No More Ransom website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee. It helps victims of ransomware retrieve their encrypted data without having to pay the criminals.

Trellix Threat Intelligence Leads to Better Protection

We spoke with Fokker during Trellix Xpand Live to find out how threat intelligence is helping to protect organizations from cybercrime.

Channel Futures: Tell me about your work with Trellix’s Threat Intelligence Group. How does it lead to better cybersecurity for partners and customers?

John Fokker: I have the privilege to run a team with different types of analysts where we have commercial papers, and we have analysts that go out and hunt, collect and do research on threats out there in the world. So they use our telemetry, they use our products, but they also look at scanning the internet or disseminating third-party product blogs. We also have other vendors that come out with phenomenal research. We’ll look at it and we’ll validate it, and we’ll send it out to our customers. So that’s integrated in our work stream and that goes immediately to all the products. And we like to say we collect stuff that will really help the customer tackle the threat.

Now, there’s these threat actors. They move through a network. There’s multiple ways of doing so, and they use multiple tools. So our team identifies how the threat actor operates and we’ll try to find out ways of how they do it. This is what we can give. We can connect with the respective product teams and they’re like OK, can we build protection for this? And at the same time, we give intelligence to our customers. And this is product innovation. It was tied into the product. And at the same time, we also have an option where we have commercial opportunities. So if we have a customer that really wants to go in depth on threat intelligence or the other way around, they want threat intelligence, but they don’t have a whole team, we can help them out. We can support them with their assets.
