Data breaches and cyber-attacks are often tied to vendors, partners, or other external organizations. Threat intelligence can shed light on an organization's third-party risks and provide guidance on how to mitigate them.
3. Baselining the Different Types of Cyber Threat Intelligence
For Senior Business Leaders – CISO, CIO, Risk Officer, etc.
• Informs business decisions and is used to prioritize defense and direct cybersecurity investments
• “Known Knowns” – Threat is understood and can be acted on / mitigated
For SOC/NOC Managers and Threat Analysts
• Aggregation of events along with the motivations, intent, and capabilities of adversaries – how they plan, conduct, and sustain attack campaigns
• “Known Unknowns” – Confirmed existence of an actual threat
For SOC/NOC Operators
• The effort to detect and respond to on-the-wire events that are technical and high volume. Focuses on threat indicators to hunt for and defend against adversaries. Little-to-no contextualization or learning.
• “Unknown Unknowns” – Something weird is going on
[Figure: Level of Intelligence diagram. Labels: Strategic, Operational, Tactical, Inputs, Outputs, Decision]
5. Your Digital Footprint Provides a Lot of Opportunity for Adversaries
[Figure labels: "You Are Here", "Or Here", "Or Here"]
According to PwC:
• Smaller companies spend far less on cyber security
• As big companies get better, attackers are targeting smaller, less capable businesses
• 57% of breaches originate from partners & suppliers. In retail & consumer goods it’s 68%
• Large orgs make little effort to monitor the security of their partners or suppliers
• Attackers know this!
• A moat around a heavily fortified castle does nothing if the bridge is down to your supply chain
6. Practical Risk Mitigation Steps You Can Take
1. Ensure vendors are properly managing data and access credentials. Poor security practices and errors among 3rd parties regularly lead to unauthorized access and sensitive information being exposed.
2. Gain visibility of who is connected to your organization. Know who you’re working with, continue to evaluate their cyber risks and understand how they are digitally connected to you.
3. Look at threat activity outside your organization – as well as obviously from within. Threat intelligence provides insights as to where to focus your resources most effectively. The best approach leverages both internal and external intel – so you have a complete picture of risk.
7. Dark Web Markets: Where Your Information is Actively Targeted and Sold
• Hacking for Hire
• PII/Identity Info/Credit Cards
• Cyber Exploits for Sale
• Vulnerabilities for Sale
• Stolen IP, Designs & Counterfeits
• Spam & Phishing Campaigns for Hire
• Doxxing & Investigation for Hire
• Hacktivist Targeting Forums
• Insider Threat for Hire
8. The SurfWatch Labs Threat Intelligence Stack
Cloud-based Suite and Advisory Services deliver:
• Strategic and Operational Threat Intelligence
• Relevant Cyber Risk Management
• Actionable Fraud Awareness and Prevention
• Digital Supply Chain Risk Visibility
• Brand and IP Protection
• Legal and Regulatory Diligence
• KPIs and Cyber Risk Reporting
Products
SaaS Applications and API
Information and Analytics
Collect, Validate, Analyze and Enrich
Solutions
Human Expertise
Threat Analyst
Cyber Advisor
Data Collection Sources:
• Millions of Open Source Media Outlets
• Twitter – Full Feed
• Cyber-Focused Sources (Blogs, Security Researchers, etc.)
• Govt Mandated Breach Reports
• Vulnerability Reports
• PII Release Reports
• Phishing Feeds
• Dark Web Markets & Forums
• Paste Sites
• SurfWatch Customers
9. Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor: www.surfwatchlabs.com/cyber-advisor
SurfWatch Threat Analyst: www.surfwatchlabs.com/threat-intel
Dark Web Intelligence: www.surfwatchlabs.com/dark-web-intelligence
Personalized SurfWatch Demo: info.surfwatchlabs.com/request-demo
Strategic and Operational Threat Intelligence
Editor's Notes
Talk through the different types of threats out on the dark web