It’s no secret that security threats are on the rise. While ransomware seems like the flavour of the month, it is just one kind of threat amongst countless others we face when trying to secure the perimeter of our organisations.
One of the biggest threats that can have a devastating effect on an organisation (if successful) is the loss of reputation and erosion of its brand. Those things take many years to build and rely on human trust in your product and/or brand. Just like human relationships, once trust in a brand and reputation is breached, it’s extremely difficult to repair the damage.
The business cost of such an event is so high that a proactive approach is required to protect against attacks on your most valuable assets. Typically, those assets are the ones that are most visible in the public domain such as domain names, websites, brand and company names etc. However, a massive attack vector commonly forgotten is the names of senior leadership, which are typically mentioned on a company’s public website. Following on from that, scrapping or guessing their email addresses is not difficult which as we know, are used in phishing attempts against an organisation.
Security teams should constantly be on the lookout for instances where these assets are being talked about where the sources are something other than the official channels, as some of those conversations can be malicious.
Threat Intelligence Platform (TIP)
As the name suggests, IntSights have created this platform to do that intelligence for you i.e. proactively look for and gain intelligence where an organisation’s most precious assets are being mentioned. It does so by using publicly available threat intelligence feeds but also its own feeds – only available to customers.
It also scours the Internet and paste bin sites, looking for exposed confidential information pieces. In addition to that, it keeps a keen eye on the dark web for conversations by bad actors looking to sell information on the black market.
Having collected all that information from the various sources enables the Threat Intelligence Platform to filter for your precious assets and see if there is some malicious activity affecting your reputation negatively.
Active Directory Integration
Most security incidents start with getting past basic security, using social engineering and/or leaked credentials. It’s known that millions of credentials are available for purchase on the black market and that number keeps going up, as more companies get their data stolen.
That’s why I think Active Directory integration into this platform is a key feature. It relies on the same information sources as mentioned before but due to its integration, it can proactively lock compromised accounts e.g. if the password matches with a leaked source. Alternatively, it can force a “credential reset” too.
Such proactive mitigation for login credential leaks is enormously powerful as it neutralises one of the most common attack vectors and stops the spread of worms and other malicious code. In addition to that, Bad actors are typically impatient, so such a roadblock provides a powerful deterrent, causing them to go and spend their efforts somewhere else.
Implementation
Deployment of the platform is dead simple. Being a cloud-based platform, there isn’t much to it and it’s up and running in no time. Once the account is in place, one has to:
- Add administrative users to the platform and setup SSO
- Configure Assets lists (there’s an extensive list of asset types to choose from)
- Configure Alerts and policies
- Use the Threats page and Alert profiler to refine alert configurations
Want to know more?
I would recommend a start by going to the product website which is a source of some excellent information – not just about the product but also about the threats and how to mitigate against them. Also, take a look at the Active Directory Integration piece I mentioned as I think that’s an essential piece of functionality.
Without or without that reading, you can always request a demo to go in-depth with the team and/or also get a free threat intelligence report for your company.
Like everything else in life, security should also be easy to implement, otherwise, it gets ignored. With Threat Intelligence Platform, it seems to me that IntSights is doing the heavy legwork for you so that you don’t have to!
Leave A Comment