Translating Cyber Threat Intelligence for the Rest of the Business

by | Aug 10, 2020 | Blog, Outside Intel

For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the enterprise and openly promote the capabilities it can bring.

While incident response, vulnerability management, internal threat hunting, and red teams are typical threat intelligence customers, many large companies see risk at a global scale across the business. As a result, it’s critical to leverage a lot of the data and skillsets of a threat intelligence team to go beyond cyber actors.

Many employees within a large enterprise may not be familiar with the processes or capabilities of intelligence work, or may not contribute to it. Therefore, it’s important for intelligence teams to work outside of the SOC and liaise with all business functions to promote the benefits of intelligence.

For instance, if a technology company has a product or platform that is used for fraudulent purposes, the threat intelligence team can collect data on specific threat actors via external threat hunting to help the network Security Operations Center (SOC) prevent the attackers from breaching the network. With the proper automation and data sharing in place, the Trust and Safety or Fraud teams can use the same data to prevent misuse of the product, and the product and engineering teams can secure their code against any TTPs identified as associated with the actors.

Check out how Mike Rennie of LogMeIn recommends using threat intelligence data to help application security, fraud, legal, social media, marketing, and acquisition teams across an enterprise below.
