Relentless ransomware, damaging malware, emerging cyber adversaries and rapidly advancing artificial intelligence (AI) have changed the threat landscape, particularly for critical infrastructure. The need for advanced behavioral threat hunting capabilities is far greater than when we founded Intel 471 over 10 years ago. To square up to this new environment, customers are increasingly turning to converged threat hunting and cyber threat intelligence (CTI) priorities. In an effort to meet this growing need, Intel 471 has acquired Cyborg Security, the company behind HUNTER — a powerful threat hunting platform for proactively detecting stealthy threats. Intel 471 CEO and Co-founder Jason Passwaters explains how our client base can take advantage of this strategic integration — a natural extension to our leadership in CTI. “Customers will benefit from the HUNTER platform fueled by our premier CTI to drive hunt priority, streamline the hunt process, improve their team’s efficiency and stay ahead of emerging threats,” says Passwaters.
CTI and threat hunting practices are merging in the wider cybersecurity industry, which can be seen in organizations rapidly adopting complementary use cases with integrated practices under the same programs and budgets. This is one reason why Intel 471 decided to set the standard for “intelligence-driven” threat hunting, which gives customers the ability to carry out accurate hunts with properly measured operational success that ensures a return on investment for their threat hunt and CTI programs. This gives organizations the advantage they need in the battle against diverse threat actors whose tactics, techniques and procedures (TTPs) we track daily across the globe.
The HUNTER platform offers a library of advanced threat hunting and detection packages that are fully operational in the client’s environment.
How CTI and Threat Hunting Complement Each Other
Threat intel and threat hunting are sometimes mistaken for the same practice. However, they’re unique and complementary disciplines that help defenders protect critical assets from a variety of threats.
The CTI work we carry out includes gathering intelligence about bulletproof hosting service providers that support actors in the cybercrime-as-a-service ecosystem; techniques, such as targeting identity and access management infrastructure, that hacking crews and state-sponsored actors use to break into higher-value targets; and the vulnerabilities and tools the most prolific ransomware gangs use for extortion.
Intel 471’s CTI, and importantly, our deep analysis of this intelligence, makes all the difference. Most of this work is carried out in the shadows, and victories are celebrated behind closed doors for preventing breaches that would otherwise have occurred. But sometimes our work is credited publicly, such as the intel we provided to international law enforcement for its recent takedown of LabHost, a phishing-as-a-service (PhaaS) operation that helped 2,000 criminals defraud victims worldwide.
Threat hunters do a different job: they look for evidence — artifacts and behaviors — of malicious activity within a network. They depend on our malware intelligence and on the outward-looking CTI that our in-region experts gather — threat actor behaviors and their TTPs — to inform their hunt, narrow the search and focus resources. Once discovered, the TTPs we collect cannot be easily replaced by attackers, unlike indicators of compromise (IOCs) such as IP addresses and domain names, which are cheap to acquire and swap out.
As our new colleagues at Cyborg Security have quipped: “Without intelligence, a threat hunter could search forever and find nothing.”
David Amsler, CEO and founder of Cyborg Security, explained: “Threat hunting requires continuous monitoring of the threat landscape and tracking changes. Intel 471 CTI delivers those relevant and timely insights, as well as the contextualization of those insights. Together, our capabilities provide enterprises the tools and systems to deliver best-in-class threat hunting.”
The combination of these two different skill sets in a unified organization is rare. That’s why Intel 471 is setting the standard for intelligence-driven threat hunting, made possible by a truly unique pairing of two companies with years of discipline in the field, each built by practitioners — threat hunters, threat intel analysts and security researchers — who live and breathe the threat landscape to protect our customers’ most important assets.