As we noted in our earlier posts on Strategic Threat Intelligence and Management Intelligence, Cyber Threat Intelligence may seem like a single comprehensive discipline, but really, it comprises multiple modules that address individual steps in the overall cyber threat intelligence process. Herein, while strategic threat intelligence is suited for an audience inclusive of key decision makers, CEOs, board members etc., who may not necessarily be proficient in the topic of cybersecurity, Tactical Threat Intelligence is specifically compiled for an audience that understands the finer technical details that contribute to the organization’s security landscape.
Tactical intelligence enables SOCs to proactively respond to cyberthreats and supports day-to-day detection and response to improve the enterprise’s cyber posture by using malicious IP, malware signatures and mutex, phishing domains, command and control centers, and YARA rules.
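The indicator types listed above (malicious IPs, malware mutexes, phishing domains, command and control addresses, file hashes) are consumed by a SOC by matching them against telemetry. The following is an added example, not CYFIRMA code and not part of the original post: it loads a small set of constructed, hypothetical indicators (TEST-NET addresses and `.invalid` domains, no real IoCs), parses a few constructed proxy, DNS and EDR log lines, and reports which lines hit which indicator, with the analyst context carried through so the alert explains itself. Domain matching covers subdomains of a listed domain, and indicators are validated before use so a malformed feed entry fails loudly instead of silently never matching.

```python
"""Match constructed tactical indicators against constructed SOC log lines."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    kind: str      # one of "ip", "domain", "mutex", "sha256"
    value: str
    context: str   # analyst note explaining why the indicator matters


# Constructed, hypothetical indicators for illustration only (not real IoCs).
IOCS = [
    Indicator("ip", "203.0.113.45", "constructed C2 address in the TEST-NET-3 range"),
    Indicator("domain", "login-example-bank.invalid", "constructed phishing domain"),
    Indicator("mutex", "Global\\ExampleMutex_1234", "constructed malware mutex name"),
    Indicator("sha256", "a" * 64, "constructed sample hash"),
]

# Constructed log lines in a simplified "<timestamp> <source> key=value ..." format.
LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.example.com action=allow",
    "2024-05-01T10:00:02Z dns client=10.0.0.7 query=mail.login-example-bank.invalid rcode=NOERROR",
    "2024-05-01T10:00:03Z edr host=WS-12 event=mutex_create name=Global\\ExampleMutex_1234 pid=4412",
    "2024-05-01T10:00:04Z edr host=WS-13 event=file_write sha256=" + "b" * 64,
    "2024-05-01T10:00:05Z proxy src=10.0.0.9 dst=198.51.100.2 host=www.example.org action=allow",
]

_KV = re.compile(r"(\w+)=(\S+)")
_SHA256 = re.compile(r"^[0-9a-f]{64}$")


def validate_indicators(iocs):
    """Reject malformed feed entries up front; a bad value would otherwise never match."""
    for ioc in iocs:
        if ioc.kind == "ip":
            ipaddress.ip_address(ioc.value)          # raises ValueError on garbage
        elif ioc.kind == "sha256" and not _SHA256.match(ioc.value.lower()):
            raise ValueError(f"bad sha256 indicator: {ioc.value}")
        elif ioc.kind not in ("ip", "domain", "mutex", "sha256"):
            raise ValueError(f"unknown indicator kind: {ioc.kind}")
    return True


def parse_line(line):
    """Split a constructed log line into timestamp, source and key=value fields."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(_KV.findall(rest))
    return {"ts": ts, "source": source, **fields}


def domain_matches(observed, ioc_domain):
    """Exact match or any subdomain of the listed domain, case-insensitive."""
    observed = observed.lower().rstrip(".")
    return observed == ioc_domain or observed.endswith("." + ioc_domain)


def match_line(line, iocs=IOCS):
    """Return the parsed record and the list of indicators it hits."""
    rec = parse_line(line)
    hits = []
    for ioc in iocs:
        if ioc.kind == "ip" and rec.get("dst") == ioc.value:
            hits.append(ioc)
        elif ioc.kind == "domain" and any(
            domain_matches(rec.get(k, ""), ioc.value) for k in ("query", "host")
        ):
            hits.append(ioc)
        elif ioc.kind == "mutex" and rec.get("name") == ioc.value:
            hits.append(ioc)
        elif ioc.kind == "sha256" and rec.get("sha256", "").lower() == ioc.value:
            hits.append(ioc)
    return rec, hits


def sweep(logs=LOGS, iocs=IOCS):
    """Run every log line through the indicator set; return one alert tuple per hit."""
    validate_indicators(iocs)
    alerts = []
    for line in logs:
        rec, hits = match_line(line, iocs)
        for ioc in hits:
            alerts.append((rec["ts"], rec["source"], ioc.kind, ioc.value, ioc.context))
    return alerts


if __name__ == "__main__":
    for alert in sweep():
        print(alert)
```

Run as-is, the sweep produces three alerts (the proxy connection to the listed address, the DNS lookup of a subdomain of the phishing domain, and the EDR mutex event); the file-write line does not alert because its hash is not in the set. Carrying the analyst context into each alert is what turns a raw indicator feed into something an operator can act on without going back to the report.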
Tactical intelligence enables the organizations to:
Operators like CIRT, SOC, NOC and any other interfacing teams. Essentially, personnel who are part of the organization’s security setup and are tasked with proactively responding to cyber threats and supporting detection and response to improve the organization’s cybersecurity posture by using malicious IPs, malware signatures and mutexes, phishing domains, and botnet command and control centers.
CYFIRMA employs robust mechanisms for information collection and interpretation to obtain Tactical threat intelligence from the following sources:
Offering such key insights as tactics, techniques and procedures (TTPs) adopted by malicious actors, operational/tactical threat intelligence from CYFIRMA helps an organization’s IT team understand how a potential cyberattack will play out. Additionally, this helps cyber defenders decide on mitigation strategies, including detection techniques that are more suited for the job, enlist permissions from decision makers, identify and correct obvious vulnerabilities, etc.
In the context of CYFIRMA, tactical threat intelligence helps organizations safeguard their cyber posture by blocking known malware signatures, malicious domains, command and control centres or indicators of compromise. Using its proprietary Cyber Intelligence Analytics Platform (CAP), CYFIRMA offers tactical threat intelligence to assist organizations in cyber strategy, process and security control, predicting future cyber-attacks and business risks, and recommending proactive measures.
Importantly, CYFIRMA’s approach lays more emphasis on quality rather than quantity. CYFIRMA offers its clients a limited number of, yet highly researched and analysed IOCs that highlight a threat actor’s targeting of a specific industry and/or organization. This is in contrast to the common trend amongst cybersecurity companies wherein millions of irrelevant and poorly researched IOCs are offered.
Suggested Reading: Cyber Intelligence Analytics Platform (CAP) from CYFIRMA, the most intuitive, and responsive threat intelligence management system for your money.
In most organizations, the key decision makers like CEOs, Board of Directors, etc., are the secondary audience to these tactical threat intelligence reports. Thus, a technical representative (CISO, CTO, etc.) will have to act like a liaison to help the decision makers understand the finer details of these reports. Further, this representative’s recommendations will serve as the basis for the eventual decision coming from the leadership group. CYFIRMA’s on-point reporting helps streamline this conversation.
Listed below are some case studies that further establish CYFIRMA’s proficiency as a robust aggregator of Operational/Tactical Threat Intelligence.
Recently, CYFIRMA helped a large US-based financial institution with a sophisticated cyber threat center identify and mitigate smartly targeted cyber threats quickly. CYFIRMA helped the organization’s Security Operations Team to mitigate DDoS, malware implants, DNS hijacking and data-stealing attempts by initiating daily updates to the cyber operations center to keep security controls (firewall, IDS/IPS, antivirus, proxies, SIEM) current with the latest threat vectors.
CYFIRMA was contracted by a large Japanese corporation with a footprint in the heavy industry, financial services, retail, and food and beverage domains to better understand cyber risks and mitigate them efficiently and effectively. CYFIRMA helped the organization’s security operations to mitigate ransomware, cryptojacking malware implants and data-stealing attempts by providing daily updates to the cyber operations center to keep security controls (firewall, IDS/IPS, antivirus, proxies, SIEM) current with the latest threat vectors.
Additionally, the following highlights CYFIRMA’s Tactical recommendations to organizations. These insights help the organizations make the best use of their security assets.
Further, the following lists CYFIRMA’s Tactical recommendations pertaining to IOCs:
Also, read the earlier blog posts in this three-part series on Strategic Threat Intelligence and Management Intelligence.