Join us for an insightful session with Markus Ludwig, Chief Executive Officer and Co-Founder of ticura, at RSAC 2025. Hosted by Jackie McGuire of theCUBE Research and Jon Oltsik, Former Distinguished Analyst, this video delves into the evolving landscape of threat intelligence and cybersecurity innovation.
In this video, Ludwig, an expert in threat intelligence curation, discusses how ticura transforms the way organizations handle intelligence data. They explain ticura’s cutting-edge approach to managing threat intelligence by leveraging analytics and automation to optimize portfolios across diverse market sectors such as large enterprises and smaller businesses. Ludwig’s insights, alongside analyses from theCUBE Research hosts, provide a comprehensive understanding of the industry.
The discussion provides valuable takeaways such as the importance of mitigating intelligence fatigue through effective curation and the advantageous integration of AI to bridge skill gaps in cybersecurity. Ludwig highlights how ticura differentiates itself from traditional threat intelligence platforms by offering a more tailored and measurable approach to intelligence management, a sentiment echoed by the analysts present during the conversation.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Markus Ludwig, ticura
Join us for an insightful session with Markus Ludwig, Chief Executive Officer and Co-Founder of ticura, at the RSA 2025 event. Hosted by a Principal Analyst at theCUBE Research and a former Distinguished Analyst now self-employed, this video delves into the evolving landscape of threat intelligence and cybersecurity innovation.
In this video, Ludwig, an expert in threat intelligence curation, discusses how ticura transforms the way organizations handle intelligence data. They explain ticura’s cutting-edge approach to managing threat intelligence by leveraging analytics and automation to optimize portfolios across diverse market sectors such as large enterprises and smaller businesses. Ludwig’s insights, alongside analyses from theCUBE Research hosts, provide a comprehensive understanding of the industry.
The discussion provides valuable takeaways such as the importance of mitigating intelligence fatigue through effective curation and the advantageous integration of AI to bridge skill gaps in cybersecurity. Ludwig highlights how ticura differentiates itself from traditional threat intelligence platforms by offering a more tailored and measurable approach to intelligence management, a sentiment echoed by the analysts present during the conversation.
Markus Ludwig, co-founder and CEO of ticura GmbH, joins theCUBE’s Jackie McGuire and Jon Oltsik at the RSAC 2025 Conference. The conversation explores ticura’s approach to threat intelligence curation and how automation is helping teams reduce fatigue and improve signal clarity.
Ludwig shares how ticura tailors intelligence management for different market segments, from large enterprises to smaller organizations. He explains how analytics-driven curation helps bridge skills gaps and optimize threat visibility.
The discussion also highlights ...Read more
exploreKeep Exploring
What does Ticura stand for and what is the company's focus in terms of threat intelligence?add
What is the current state of threat intelligence information and the challenges faced in curating and prioritizing it effectively?add
What role can AI play in addressing the shortage of skills in threat intelligence?add
What does supporting multiple products, formats, and data schemas ensure in terms of consuming threat intelligence easily?add
>> Hi everyone, this is Jon Oltsik, analyst in residence at theCUBE, and I'm here with my
colleague Jackie McGuire, live at RSA 2025 with theCUBE. And we're joined by Markus
Ludwig, who is the CEO and Co-Founder of Ticura. Welcome, Markus. Welcome, Jackie.
Jackie McGuire
>> Thanks for having us.
Markus Ludwig
>> Thanks for having me. It's a pleasure.
Jon Oltsik
>> So Markus, let's start. I mean, so tell us what
Ticura is and what it does.
Markus Ludwig
>> Oh, yeah. So Ticura stands actually for threat intelligence curation. This is where the name came from. And we founded Ticura around four years, nearly four years ago. Actually, our release date was last year around San Francisco,
so it's a GA birthday, so you can say. Right? What we do is threat
intelligence curation. It's actually using analytics and automation to optimize a
threat intelligence program, optimize the portfolio of any use case. No matter which market,
which size of a company. No matter if it's an
MSSP, large enterprises or even smaller, medium
business companies.
Jon Oltsik
>> Okay. And who are your
primary customers now?
Markus Ludwig
>> Now, it's mainly
security service providers. That is our sweet spot customer. And also, security solution vendors.
Jackie McGuire
>> It seems like we've almost
gone from not enough threat intelligence information
to now there's so much that without some way to
curate and sort through it and prioritize it, it can
kind of be overwhelming. It's almost like alert fatigue, but intelligence fatigue. Right?
Markus Ludwig
>> Yeah, exactly. Spot on.
That's exactly the story. If you look at how much threat
intelligence exists today... And it is the fuel of cyber security. No matter what you do in cyber, you have to look at the intelligence behind that. And there is so much, it's so fragmented, so crowded, that space. Open source, free sources, structured, unstructured information,
strategic information, operational information. So the power you have to
invest to actually understand what exists and how to consume
it, and what is right for me or my use case or for my
customers, that is super expensive for a company, and not to handle actually without
analytics and automation.
Jon Oltsik
>> It's an area where there's
an acute skill shortage. We talk about the security
skill shortage at large, but if you look at
specific areas, that's one where you've got threat analysts
who worked in government or intelligence agencies, or they work at big
companies, big tech companies. Or you have almost nothing.
Markus Ludwig
>> Yeah, absolutely. Shortage
of skills is a real threat. And this is where AI may come into play or is coming into play. It helps to scale that
part without scaling with real people, because you are not able to scale with real people.
Jackie McGuire
>> And I think when you mentioned how many different sources there
are of threat intelligence, I think what was surprising to me, I worked at a data pipeline company, and you oftentimes need
an entire person just to handle bringing that data together. Because you have open source, you have subscription
services, you have the stuff that's built into your SIEM. So, I imagine that having
some way to get all of that in one place and prioritize probably saves
at least some head count, because it's a full-time job. And I don't know that a lot
of security teams have someone full-time dedicated just to
getting all of the data in.
Markus Ludwig
>> In larger companies, larger MSSPs it wouldn't be
sufficient to have one person. You have threat hunters who are doing nothing else
than just looking out for what is currently going on. What is relevant for me now?
And again, that doesn't scale. Right? More threats. If you think about using or utilizing AI to speed up new threats that are coming up from the bad guys, you need to do something. You can't do it manually. >> And tell me
Jon Oltsik
>> how you're not a threat
intelligence platform or a tip. Because the way you describe it, someone could easily come
away from this interview and say, "Oh, it's just another threat intelligence platform. They've been around for
years." How are you different?
Markus Ludwig
>> Yeah. A threat intelligence
platform is actually the target product, would be
one of the target products of our outcome. It typically is the interface to threat intelligence information
for analysts, for people, for threat hunters. What we are is the step before. We make threat intelligence
measurable and comparable. Then look what is relevant
for a use case for a team, for a company, and then give
it to you in a consumable way with a few clicks. It just takes a few minutes. Now, we don't want to be another
threat intelligence vendor, we don't want to be another
threat intelligence platform. We want to be the part that relieves the teams
from doing the manual work of understanding what is relevant for me.
Jackie McGuire
>> And with the security
services provider, I imagine the curation is different from one customer to the next for them. Right? So the curation
that they need for the tip for one customer is not
going to be what they need for a tip for a different customer. So, I imagine their needs are
kind of exponential compared to an individual customer. So I can see why you've had success there, and that they would need to
create custom feeds per the stacks that they're managing. Right?
Markus Ludwig
>> Yeah. And that isn't
possible as of today. So, MSSPs can't do that. Even if most of them or some of them are
claiming to do so, it's hard for them to really... Even if you do it once, it's
no longer valid tomorrow because new threats come
up, new sources come up, threat intelligence sources get outdated. How do you keep track with that? How do you keep that up to
date without automation? And that is the analytics. We are currently analyzing more than 1, 000 threat intelligence sources
continuously in real time. And we measure them, how fast
are they, what do they cover? How relevant are they for which industry, for which type of threats? And then with a few clicks,
you can actually incorporate that intelligence like fuel
into your security operations.
Jon Oltsik
>> And so, how do you work with the ISACs?
Markus Ludwig
>> Oh, that's a good one.
Yeah. We are a member- >> .
Jackie McGuire
>> Uh oh, you get the first bonus
Markus Ludwig
>> point.
- ...
Jon Oltsik
>> of the FS-ISAC expert resource pool, are working closely with them. And also from the IT-ISAC, for example. What we do is we incorporate
their intelligence and we deliver that to their
own customers or members. That means we now
identify, what is relevant for the customer, a bank in the U. S., for example, or a European bank. And then we manage the data so it fits and is converged and contextualized to the
needs of the customer. So we converge also FS-ISAC
information with open source or commercial vendors, and then bring one
picture to the customer. They don't need to
converge the data locally.
Jon Oltsik
>> Then Jackie's point to start was spot on because in my experience,
there's this more is better kind of mindset. And more isn't better. If I'm
a healthcare organization in the United States, I
need threat intelligence that's relevant to me. So, how do you make that... I don't know. How do you do that and how
do you make it affordable? 'Cause if I'm a regional hospital, obviously I can't afford all
of the commercial threat feeds that might be available.
Markus Ludwig
>> There are two aspects to look
at when talking about that. Number one is the more, the better, the more noise, the better it is. No, for sure not. But the more sources you get,
the more noise you will get. Cutting through the noise, and I know that we have a term here that says extracting the
signal from the noise. Our saying is more
signal, less noise. Right? >> Pretty close.
- Yeah.
Markus Ludwig
>> Pretty close. So,
it's a perfect fit here.
Jackie McGuire
>> What we do is we categorize
the noise continuously
Jon Oltsik
>> by converging the information
from more than 200 informational sources continuously. And then label categories where companies actually can decide what is noise, what is not noise? Do I need that? Should that be filtered? Do I need that information?
So, it's super easy. It's really selecting little check boxes and you are done with noise
categorization and filtering. Second story coming to the
budget. You're totally right. When talking about the budgets, if I give you a recommendation that contains the 15 most
expensive threat intelligence feeds, how good is that recommendation if your budget is $150,000 per year? It's not optimal at all. So,
we also optimize to the budget. You can specify what is your budget. And you can select even no
commercial vendors just- >> Just open source?
Markus Ludwig
>> Just open source.
- Just open source. Just open source.
Jackie McGuire
>> And you get the best out of open source
Jon Oltsik
>> with applied force positive prevention.
Jackie McGuire
>> It's one of the reasons that
one of my kind of theories, and I guess I can't really
take credit for this 'cause it's already happening, is that-
Jon Oltsik
>> Oh, take credit .
Jackie McGuire
>> Well, I've been writing
for a couple of years that managed services and managed security services
are going to explode. Because most small and mid-sized businesses have kind of done okay up until now. But the exponential nature with which the attack surface is growing
and threats are multiplying. And then you add this kind of AI automated nature to the threats. And I just think by 2030,
I find it hard to believe that most sub 5,000 employee
businesses will be able to manage their own security. I think from a cyber risk
insurance perspective, that's going to get more expensive. Just threat intelligence too. If you can't afford a six
figure threat intelligence fee, then you probably need to
be using a service provider 'cause you probably
can't afford the people to go through that feed either.
Jon Oltsik
>> True.
- Yeah. Yeah.
Markus Ludwig
>> If you think about that, let's go away from the larger companies. Let's look at the small companies. They are more and more a spot, a target of actors, right? There is also money there, and they can't afford any of that. They need a security
service provider that is a very much growing market
serving the SMB market as a security service provider. How do you scale there,
if not with automation and AI, right? No chance at all.
Jackie McGuire
>> And we all have a shared fate. So, I've seen some of the
largest Fortune 50s go down because their 10 person
vendor got ransomwared. And their sensitive
corporate data was sitting at that 10 person ransomware company. So, I almost think we
sometimes use size as an excuse for bad security posture. But the reality is that a lot of big, big tech companies are taken down by their very small vendors. So, it's probably worth paying
extra attention to SMBs, especially the ones in
the B2B business because. And I have seen ransomware
attackers moving further down the chain, as large companies stopped paying. Their cyber risk policies don't pay and they won't pay the ransom anymore. So they're like, smaller
companies have less ability to negotiate. And it's in their best
interest to pay and move on. So, I anticipate that'll
probably continue, from an economics perspective.
Markus Ludwig
>> Yeah. The weakest part
in the chain, right? >> Yeah. Yep.
- There's always one.
Jackie McGuire
>> Yeah.
- So another question that I think of is,
Jon Oltsik
>> I'm a big fan of the
threat-informed defense,
Markus Ludwig
>> which is a MITRE model.
Jackie McGuire
>> So, how do you align with
the MITRE attack framework?
Markus Ludwig
>> Yeah, it's actually part
of the contextualization. Everything that goes in needs to have the MITRE attack
information, the techniques, the tactics assigned to it. It's essential for any
security operations. And yeah, it's attached
to any information.
Jon Oltsik
>> Attached to everything.
And what about downstream? And Jackie mentioned this
as like, I want to take that threat intelligence and I
want to feed it into reports. I want to feed it into my SIEM. I might want to feed it into my XDR. I might have spent cloud security people. So, how does that work?
Markus Ludwig
>> Yeah, that's a good one. The best threat intelligence
doesn't help you if you are not able to consume it easily.
Jon Oltsik
>> Operationalize. Yes. >> Yes. So, one part is that we support as
Markus Ludwig
>> many products, formats,
data schemas as possible. It means if a customer steps up and says, "I am using the following tip, or I'm using this seem like an MS Sentinel versus a Curator. " No, okay.
Jon Oltsik
>> Maybe not a Curator.
- Bad example.
Markus Ludwig
>> But let's talk about OpenCTI versus MISP. Maybe I need STIX/TAXII in version 2. 1, or I need just a JSON lines format. We are taking care that it
always is also optimized to the target consuming product and to your needs. That's important.
Jackie McGuire
>> Your data scientists appreciate that, because being someone who
used to write detections for a SIEM and having to get those things into a
JSON dictionary to do something with them with pandas, I really appreciate getting
it in JSON right away. 'Cause we didn't have LLMs to
do that for us back in my day.
Jon Oltsik
>> Yeah. And otherwise, talk
about the work that's involved.
Jackie McGuire
>> Literally, the first three
weeks I was a data scientist at a SIEM was just beating my
face with regex against syslog, trying to get it into a JSON dictionary so I could do something with it. And yeah, if you think about
what I was making an hour, which wasn't a lot, I was an
entry-level data scientist, but multiply that by three
weeks worth of my time. And a tool that could have
done that in one click, definitely I would've spent
a lot more time writing detections and a lot less time
just trying to wrangle data. So, we should probably
ask an RSA question since we're at RSA. So-
Jon Oltsik
>> Please do.
- ...
Jackie McGuire
>> what is the number one
thing you're looking forward to learning more about at RSA this year? I know we're all coming in the midst of a massive hype cycle, but what are you looking forward to?
Markus Ludwig
>> First and foremost, most of the conversations I
have are typically outside of the conference centers, hopping from one meeting
room to the other. >> Not this one. You're
right now.
Jackie McGuire
>> No, not this one.
- The good stuff happens here.
Markus Ludwig
>> It's the most important one. Right?
Jackie McGuire
>> Yeah.
Markus Ludwig
>> And the first one I had.
Markus Ludwig
>> But talking
Jon Oltsik
>> with those people gives us
a much better impression. What are the needs? What
are companies looking for? What are solution vendors
looking for, heading towards? And we do have all types of conversations with customers we already have, with partners we already
have, potential new partners, potential vendor partnerships, alliances. And you get a very good picture. There is no other place, in
my opinion, where you can meet so many people in reality. Because there is still a
difference if you are sitting in front of someone or if you are
looking at a screen, right?
Jon Oltsik
>> Yeah. - Note to everybody,
get out from the conferences
Jackie McGuire
>> and go actually talk to people
at happy hours, because-
Jon Oltsik
>> That's where the real buzz is. I said that to John Furrier before. It's in the hallways, it's
in the dinner meetings that you really understand. And it's talking to practitioners. But Markus, thank you for stopping by. We appreciate the time. And stay tuned for more from theCUBE live at RSA 2025 moving forward. Thanks a lot.
Jon Oltsik
Jackie McGuire