Threat intelligence

Preventive analytics of penetration factors, access violations, information leaks, system blocking and other incidents

Managed threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, consequences, and practical advice, about an existing or emerging threat or danger to assets. This knowledge can be used to make decisions to respond to that threat or danger.

Threat intelligence (threat analysis) is an important component of information security. It helps determine in advance which threats are the most dangerous for a particular business. In this way, you can get an idea of ​​the threats that will target or are targeting the organization, its employees, customers, and partners. These threats can potentially lead to loss of income, reputation, service interruptions, and other negative consequences. With threat intelligence, organizations can prioritize the most likely causes of problems and channel available resources to where they will be most effective.

Managed Threat Intelligence service helps you outrun intruders and protect your business intelligently by making your armour heavier, not everywhere, but only where the next hit comes.

Sources of information about threats

	Shared indicators of compromise Retrieving information about malicious activity from event logs. The indicators are openly documented and facilitate the identification of problems related to network traffic anomalies, compromised user data, suspicious file modifications, and more.
	Open sources For intelligence and analysis, we use various resources ranging from traditional media to social media posts, cybersecurity forums, popular blogs, vendor sites, and more. At the same time, brand and domain hijacking monitoring is performed.
	Proprietary threat analytics Various threats targeting our customers help us build a comprehensive threat database. By collecting and correlating threats from our clients, we augment and enrich our internal algorithms, and security analysts learn more about the threat landscape. This, in turn, gives you relevant information to protect your business.
	Deep Web and Dark Web threat analytics We go beyond open-source information and analyze what is happening on the forums in the so-called Deep Web and Dark Web. We collect information from sources such as Telegram, QQ and IRC hacker groups, as well as various marketplaces, forums, and file-sharing platforms, and that enables us to identify stolen assets, new threat vectors, analyse exploit kits, as well as other attackers’ tools and methods.

Basic steps of threat intelligence

1. Requirements. This phase is critical to the threat intelligence lifecycle as it defines the structure of the project. During this planning phase, the team will agree on the goals and methodology of their intelligence programme based on the client’s needs. The team can detect:
   • who are the attackers and what their motives are;
   • what is the attack surface;
   • what specific actions should be taken to strengthen the defence against a future attack.
2. Data collection. Once the requirements have been identified, the team proceeds to gather the information needed to achieve their goals. Depending on those goals, the team will analyze traffic logs, public data sources, relevant forums, social media, blogs, and publications by industry or subject matter experts.
3. Processing. Once the raw data from different sources have been collected, they are combined and converted into a format suitable for analysis. In most cases, it is a structured spreadsheet: decrypted files, translated information from foreign sources, and other relevant data.
4. Analysis. After processing the dataset, the team conducts a thorough analysis to find answers to the questions posed in the requirements phase. During the analysis phase, the team also works to break down the resulting dataset into elements: the necessary actions and valuable recommendations for stakeholders.
5. Transfer of analysis results. At the stage of transferring the results, the threat analysis team converts its report into a convenient format and presents the results to stakeholders. The presentation of results depends on the audience. In most cases, the recommendations are presented concisely, without confusing technical jargon.
6. Feedback. The final phase of the Threat Intelligence lifecycle involves obtaining feedback on the submitted report to determine if adjustments need to be made for future threat intelligence operations. Stakeholders can change their priorities, the frequency with which they want to receive threat intelligence reports, or the way the data is transmitted or presented.

We think like hackers by modelling their behaviour. This allows us to quickly and efficiently obtain the necessary data, analyze it, warn customers and provide them with recommendations on how to prevent a possible attack. We are your ears and eyes in the world of security threats.

Check out our additional services and business cases. Submit the form below to order a threat intelligence service. Get a free consultation.