OSINT Strategy
- Cyber security tools
- Intelligence domains which include the search, selection, and collection of intelligence information, from publicly available sources
- Performed through monitoring, analysis, and research of information coming from the Internet
- OSINT is information that has been deliberately discovered, discriminated, distilled, and disseminated for a select audience
- Materials compiled based on information from open sources support all intelligence methods and activities through accumulation of intelligence knowledge, its analysis and dissemination
- OSINT + HI = VA OSINT (OSINT Validated)
Our Value Proposition
- OpenSource Intelligence Collection – Reported from cybercriminals, social media engagement, marketplaces, and chat rooms with the touch of Human Intelligence Collection
- Real-time Threat Tracking – Indicators of compromise, threat actors, malware
- Vulnerability and Credential Intelligence – Vulnerability scoring, compromised credentials of customers, partners, vendors, VIPs, executives
- Reduction of Risk – Security posture of organization mapped against discovered organization assets across surface, deep and dark web
Deep and Dark Web
- Surface Web
- Deep Web
- Dark Web
- The value of information cannot be realized unless it is possible to find it
- Most common methods are paste sites and forums
- Cached content is very important
Marketplace
Healthcare
Legal
Insurance
Manufacturing
Background Checks
Banks
Cyber Insurance
Sports
Venues Entertainment
Executive Protection
Threat Intelligence Use Cases
Brand Management and Protection
Self-Assessment
Merger & Acquisition Due Diligence
Compromised Credentials
Insider Threat
Cyber Insurance
Vendor Risk Management
Threat Intelligence
Vulnerability Management
Threat Hunting
Cyber Threat Intelligence (CTI)
- Focuses on analyzing raw data gathered from recent and past events to monitor, detect, and prevent threats to an organization
- Details of the motivations, intent, and capabilities of internal and external threat actors (e.g., Government, Organized crime, Activists, State-sponsored criminals)
- Threat intelligence includes specifics on the tactics, techniques, and procedures of these adversaries
- Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats
- Shifting the focus from reactive to preventive intelligent security measures
CTI Monitoring
- Network Threats – Ability to monitor the risk of exposure of an entire country and/or specific organization (e.g., Infected systems, malware and botnets)
- Monitoring and take down of phishing sites
- Identification of compromised bank accounts Internationally – Reporting leaked credit card transactions to money mules
- Monitoring underground cybercrime forums and the Deep/Dark Web to discover compromised bank accounts.
- Rogue Mobile Application – Unauthorized mobile application developed to look like and behave like a legitimate one
- Monitoring Threats from Third Parties – Continuous auditing, security controls and monitoring controls
Benefits of CTI
- Prevent data loss
- Detect breaches
- Threat analysis
- Data analysis
- Incident response
- 24/7 threat intelligence, monitoring and analysis
- Rapid identification and remediation of attacks
- Ability to assess risk and prioritize threats
Leveraging the CTI Process (Intelligence Cycle)
Processing & Production
- Identifying the organization’s requirements to create the right amount of intelligence out of information
Planning & Evaluation
- Ensuring processes and tools are in place. Conducting risk assessments to identify threats, take steps to close potential gaps and implement controls
Collection
- Acquiring raw data to process.
Dissemination
- Supplying the relevant teams with finished and processed intelligence products to address the threats
Threat Intelligence with Return on Investment
Industry Leading Intelligence
Automated, human intelligence collection and finished intelligence reporting from cybercriminal forums, marketplaces, chat rooms and online engagements
Reduction of Risk
An industry leading intelligence requirements program that enables organizations to map intelligence collection and outputs to business drivers and risk reduction
Real-time Malware Tracking
Automated and technical tracking of malware including IoCs, TTPs, YARA, IDS signatures and technical intelligence reports
Vulnerability and Credential Intelligence
Vulnerability intelligence to drive your patching priorities and compromised credentials of your employees, VIPs and customers
IoCs
Tactical Intelligence (Short-term)
Information from known attacks, which has the potential to immediately influence cybersecurity decision-making
Operational Intelligence (Mid-term)
Offers insight into threat actors’ motivations, capabilities and objectives, and helps teams assess specific incidents relating to events and investigations, and guides and supports incident response
Strategic Intelligence (Long-term)
Broader and higher-level abstracts of the data to identify threats associated with foreign policy, global events etc., and focuses on the long-term impacts of cyber threats
Technical Threat Intelligence (TTI)
TTI is information that is normally consumed through technical resources. TTI typically feeds the investigative or monitoring functions of an organization, for example firewalls and mail filtering devices, by blocking attempted connections to suspect servers. TTI also serves for analytic tools, or just for visualization and dashboards
Threat Intelligence Sources
| Internal Sources | External Sources | |||
|---|---|---|---|---|
| Example | Technologies for collecting and processing | Vulnerabilities databases, IP blacklists and whitelists, threat data feeds | Forums, news sites, social media, dark web | |
| Technologies for collecting and processing | Feed parser | Feed/web scraper, parser | Collection: crawlers, feed/web parsers Processing: Natural Language Processing (NLP), machine learning | |
