THREAT INTELLIGENCE Threat Intelligence Threat Detection System Secure Bank / Secure Portal Group−IB Attack attribution based on Threat Intelligence data. Threat actor map Threat Intelligence Threat attribution tools group-ib.com

group-ib.com Threat Detection System Group−IB THREAT ... · group-ib.com How Threat Intelligence Works • Your security systems continuously detect threats. • Threat Intelligence


THREAT INTELLIGENCE

Threat Detection System

Secure Bank / Secure Portal

Group−IB

Attack attribution based on Threat Intelligence data.

Threat actor map, Threat Intelligence, Threat attribution tools


Evolution of Threat Detection Approach

Threat Intelligence

From Indicator Management to Attacker Management

Threat Intelligence is a solution for analyzing and managing adversaries and threats that could affect your business.

Act on answers to:

• Who and what are your security systems detecting?

• Who poses a threat to your business?

• What tools can be used to attack your organisation and how?

• Can your security system withstand a cyberattack?

• What security measures should be taken to ensure adequate protection?

The best approach is to manage attackers rather than indicators, which are often irrelevant to your organisation, and build a security system based on that knowledge.

Key differences:

1. Attacker management in lieu of indicator management.

2. Protection against attackers rather than irrelevant or general threats.

3. In-depth research into attackers instead of raw data analysis.

4. The most relevant data with up-to-date context.

New approach by Group-IB

• Adversaries: Matrix of threat actors targeting you, your industry, and partners.

• Attacks: Timeline of attacks performed by relevant threat actors. Focused research and hunting.

• TTPs: Deep analysis of tools and procedures matched with MITRE ATT&CK Matrix.

• Security tests: Test your environment with intelligence-driven Red team against TTPs of relevant threat actors.


How Threat Intelligence Works

1. Detection

• Your security systems continuously detect threats.

• Threat Intelligence exposes what is overlooked by current solutions.

• All detected threats undergo attribution.

2. Ranking

• Attackers are ranked according to their relevance.

• Threat hunting for new data is built around these attackers.

• Data on attackers is converted into their TTPs for future checks.

3. Attribution and enrichment

• Raw data from web servers and malware is fed into the system.

• Attacks are matched to known threats through correlation between raw data and Threat Intelligence.

• Tools for analyzing malware and searching for hidden links make it possible to attribute yet unknown threats.

• Enriched indicators are integrated into security systems for more effective threat detection.

4. Testing

• New and relevant techniques are used for testing security systems.

• Testing is carried out by either a local team or Group-IB’s Red Team.

Key advantages

Built-in attribution tool

Personalized and the most relevant threat intelligence

Integration with built-in security solutions with STIX/TAXII, API/JSON support

Collaboration with experts in various fields

In-depth analysis of attackers

Automated threat hunting, incident response, and malware research

Group-IB is ranked among the best threat intelligence vendors in the world by Gartner, IDC, Forrester, Cyber Defense Magazine, and SC Media.

[Diagram: GROUP–IB THREAT INTELLIGENCE. Labels: Detect, Local Threats, Attribute, Attack Timelines, Hunt, Collect, Intelligence, Analyse, TTPs, Protect; Incident Response & Investigations, Threat Detection System, ISP sensors & Honeypots, Phishing & Malware, Botnet & Phishing Exfiltration, Dark Web & Leaks, Distributed Internet Scanners, Passive DNS, SSL; Technical Indicators, Compromised Data, Internet Snapshots, Adversary Profiles, Threat Actor Infrastructure, Exposure.]


Group–IB is a leading provider of advanced Threat Intelligence, best–in–class anti–APT and anti–fraud solutions.

Group–IB is ranked among the best threat intelligence vendors in the world by Gartner, IDC, Forrester, Cyber Defense Magazine and SC Media.

We have provided professional development training to Europol, INTERPOL, law enforcement agencies and corporate security teams on four continents.


Learn more about Threat Intelligence

[email protected]

Contact us to test Threat Intelligence

[email protected]/GroupIB_GIB

Get to know us

Official partners: INTERPOL, EUROPOL

• 16 years of hands−on experience

• 60 000+ hours of incident response

• 1 000+ cybercrime investigations worldwide

• 360+ world−class cybersecurity experts


Intelligence–Driven Services

Strengthen your cybersecurity posture with services and advice from experienced specialists with ‘boots on the ground’ and access to one of the most advanced threat intelligence gathering infrastructures in the world.

Security & Risk Assessment

• Penetration Testing
• Vulnerability Assessment
• Source Code Analysis
• Compromise Assessment
• Red Teaming
• Pre–IR Assessment
• Compliance Audit

Cyber Education

• Digital Forensics
• Incident Response
• Malware Analysis

Digital Forensics

• Digital Forensics
• Investigations of hi–tech financial & corporate crimes, critical infrastructure attacks

Threat Hunting & Response

• 24/7 CERT–GIB
• External and Internal Threat Hunting
• Onsite Incident Response
• Incident Response Retainer