Threat Intelligence
Intel 471’s Threat Intelligence packages are tiered into multiple levels with different deliverables to enable organizations of all shapes and sizes to realise the full benefit of our intelligence platform and offerings.
The complete suite of available deliverables includes:
- Intel 471 intelligence platform seats – Access via Intel 471’s intelligence platform to the full set of purchased data and intelligence collected by and distributed by Intel 471.
- Customer-Initiated Requests for Information (RFIs) – Targeted collection, research and reporting driven by customer requests.
- Automated underground collection data, searching and pivoting – Near real-time visibility and search of key actors, assets, issues, organizations and other criteria from within the cyber underground. Collection sources include underground forums, marketplaces and chat rooms (Telegram, WhatsApp, IRC, Discord, etc.).
- Curated, all-source finished intelligence (FINTEL) products – A number of different finished intelligence products:
  - Intelligence Bulletins that provide contextual insight related to events, activities and themes observed in the underground;
  - Profile Summary Report, detailing unique actors, services, products, forums, and marketplaces prolific within the underground;
  - Underground Pulse, providing a weekly summary of key events and trends observed in the underground;
  - Underground Perspectives, providing a summary of open-source media topics, with related content observed in the underground, as the notable events unfold;
  - Intelligence Whitepapers, providing a detailed overview on research and findings for specific areas and issues of interest.
- Vulnerability Intelligence – Access to a dashboard in Intel 471’s intelligence platform and an API that tracks significant vulnerabilities to assist patch prioritisation and vulnerability management based on what is being discussed, developed, bought and sold, exploited and productised in the underground. To view more information on our vulnerability intelligence, click here.
- Information reports (IRs) from Intel 471’s globally dispersed research team – Tactical and operational intelligence reports on notable cyber activity derived from human intelligence (HUMINT) sources and online engagements with threat actors.
- Underground alerts – Real-time alerting of key actors, assets, issues, organizations and other criteria.
- Compromised Credentials – Access to a feed of compromised credentials of your organization and your employees. To view more information on our credential intelligence, click here.
- Malware Intelligence – Intel 471’s automated and manual coverage of the top criminal malware families, which includes the items below. To view more information on our malware intelligence, click here.
  - Malware indicators – Curated, high-fidelity indicators of compromise (IOCs) feed. A near-real-time feed of file- and network-based indicators from Malware Intelligence for automated ingestion and operationalisation within security systems to block and detect malicious activity from the top criminal malware families.
  - Malware detection – YARA rules & IDS signatures.
  - Malware intelligence reports – In-depth analysis of malware families and features, network traffic, code samples, how to identify and detect, how to decode, extract and parse its configuration, control server(s), encryption keys and campaign IDs.
  - Malware configuration extraction and alerting – Identify web injects, geographic focus, evasion and other configuration, and employ alerting on any key changes seen as they occur.
- Regular touchpoints:
  - Quarterly threat briefings – Quarterly briefing on the top cybercriminal threat actors having the highest impact on our customers, their sectors, customers and suppliers.
  - Monthly calls with a senior intelligence collection manager – Provide an assigned resource to assist the customer’s team with Priority Intelligence Requirements (PIRs), ensure Intel 471 collection efforts are focused on the customer’s PIRs, liaise on RFIs and identify additional relevant intelligence for the customer. Direct contact with the assigned Collection Manager for ongoing engagement is provided. The Intel 471 Collection Management Team is composed of experienced intelligence professionals who have held senior-level intelligence roles in the private sector and law enforcement.
- Intelligence requirements program:
  - Self-managed intelligence requirements program – Intel 471 uses its deep subject matter expertise to classify and codify the content we collect and produce, aligning it to the General Intelligence Requirements (GIR) programme. Identifying the content that satisfies these requirements allows customers to apply their own custom selection of GIRs as an additional filter on the content in Intel 471’s intelligence platform, in addition to receiving a highly curated feed of content that meets their requirements. Customers are able to modify their selected GIRs at any time to reflect the dynamic threat landscape they face and to highlight notable content.
  - Intel 471 managed intelligence requirements program that drives Intel 471 intelligence strategy – A structured programme to help customers accurately capture the intelligence requirements of their cyber threat intelligence program, relating to the top priorities and risks of their business. This includes working with the customer to capture their Top 12 Priority Intelligence Requirements (PIRs). Intel 471 will partially drive its collection and research activities for the customer based on these PIRs. This helps to shift intelligence efforts from being more opportunistic to being more structured and planned according to actual intelligence requirements, as a mature intelligence programme should be. In fact, this Intelligence Requirements Programme is also used internally at Intel 471 and it is readily shared with our customers. This helps organizations mature their own intelligence programmes and leverage the programme outside of just the scope of Intel 471 intelligence deliverables, such as using it to assess other intelligence vendors. The outcomes of this programme enable customers to set the basis for assessing success criteria and generating key performance indicators for their intelligence programme.
- Club 471 Collaboration Community – A collaborative community of Intel 471 customers and Intel 471’s senior intelligence analysts and intelligence operators. This provides the ability to share and receive unique insights and analysis with a highly vetted and uniquely skilled group of like-minded intelligence professionals. Examples of things typically shared are insights on key actors, malware and notable events.
- 3rd Party Integrations – See the partner integrations page for information on our current integrations.
- API Access – Structured (JSON) raw data access to the full Intel 471 intelligence and data set via a programmable API.