Threat Intelligence Use Cases for Trust and Safety

by | Jul 27, 2020 | Blog, Trust and Safety

Varied threats like disinformation, platform abuse, brand dilution, strategic breach campaigns, extortion, insider threats and nation states stealing intellectual property are more prevalent than ever. More and more of these threats live far outside the traditional environment of analysts investigating potential cyber intrusions on their dashboards.

Mature security operations centers understand how to use intelligence to dissect cyber threats and are starting to understand where that process can be applied in other areas of the business.

While the typical beneficiaries of cyber threat intelligence are teams in threat hunting, application security, vulnerability management, and incident response, mature organizations realize many of the same datasets used in traditional cyber threat intelligence can be leveraged to address other areas of the business.

Further, advanced programs are adding new groups that incorporate information from physical security, social media, geopolitical, marketing, and business intelligence sources.

This blog will discuss some use cases around one such example: Trust and Safety teams.

Trust and Safety teams have grown in popularity in the past five years, especially among companies that operate consumer-facing technology platforms. Blending fraud and crime prevention with company policy, these teams are a natural fit for a strong intelligence complement. Strategic intelligence will inform better policy decisions, and tactical intelligence can prevent criminals from using technology platforms for gain.

Use cases for intelligence data in trust and safety teams are endless, but typically revolve around safety, fraud, and abuse of a product or platform. Some typical scenarios we have seen the aggregation and analysis of data to support trust and safety teams include:

  • Identifying assailants targeting company executives traveling abroad
  • Disrupting disinformation campaigns
  • Combatting nation-state and criminal online recruitment efforts
  • Attributing anonymous short-sellers, creating false information to manipulate stock prices
  • Disrupting a criminal ring conducting charge-back fraud on a platform
  • Identifying an assailant extorting a company employees
  • Monitoring sentiment negatively affecting overseas operations in a hostile region
  • Identifying an insider threat leaking data with no network origination point
  • Ensuring a platform or data does not get corrupted during a turbulent termination or merger and acquisition.

Table of Contents

Typical Scenarios


Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights Retainer℠
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks