Domain Threat Intelligence – Digital technology is at the core of every industry nowadays. Automation and interconnection between machines are the pillars of the current economic revolution, but at the same time this paradigm shift and the subsequent expansion of the digital perimeter have increased the risk of cyber attacks several times over.
Domain Threat Intelligence is the knowledge base that makes it possible to prevent or mitigate these attacks. Firmly grounded in data, Domain Threat Intelligence provides useful information and indicators for implementing better cyber defence strategies and improving the resilience of your company perimeter.
Gartner defines it this way: “Domain Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and advice on an existing or emerging threat. This information can be used to better inform decisions regarding the subject’s response to such a threat or danger.”
Why Domain Threat Intelligence is strategic
Today, the cyber security sector is facing many complex challenges, constantly increasing in number and level: from groups of very skilled Criminal Hackers to a huge amount of data to analyze and numerous false alarms.
Swascan’s Domain Threat Intelligence is the solution to these problems. The process of information gathering and analysis gives shape to unstructured data and connects it through concrete indicators, such as the level and number of vulnerabilities and the possible ways in which a Criminal Hacker could take advantage of them.
Domain Threat Intelligence provides timely, contextualized and, above all, easily interpretable “actionable intelligence”, even to those who do not work in the sector but are in charge of strategic business decisions.
Who can benefit from Domain Threat Intelligence?
The simple answer? All kinds of organizations!
Domain Threat Intelligence is not only applicable to the company domains of the biggest players on the market; it is also flexible enough to provide valuable insights to any kind of business, regardless of size and market share.
When information on the possible attack vectors, extracted thanks to Domain Threat Intelligence, is treated as a component separate from the usual cyber security paradigm, there is a concrete risk that it will never get to the right people in time.
Integrating Domain Threat Intelligence into the standard security workflow can and will significantly improve aspects ranging from fraud prevention to risk analysis and other high-risk security issues.
Threat Intelligence categories
Typically, Threat Intelligence is divided into 3 categories:
- Strategic: the least specialized and the most informative for a non-technical audience;
- Tactical: describes the tactics, techniques and procedures of the Criminal Hackers, and is often intended for a more specialized audience;
- Operational: provides specific details on a Criminal Hacking campaign.
In detail, Strategic Threat Intelligence provides a broad overview of the threats to which an organization is currently exposed. It is intended to better inform high-level decisions made by an organization’s managers and other decision-makers. As such, the content is generally less technical and is presented through reports or briefings. Good strategic intelligence should provide information on areas such as the risks associated with certain lines of action and broad patterns in the tactics and objectives of the Threat Actors.
Tactical Threat Intelligence outlines the tactics, techniques and procedures (TTP) of the threat actors. It should help defenders to understand, in specific terms, how their organization could be attacked and the best ways to defend themselves or mitigate such attacks.
It usually includes the technical context and is used by personnel directly involved in the defense of an organization such as administrators and security personnel.
Operational intelligence, lastly, is direct knowledge of cyber-attacks, events or campaigns. It provides specialized insights that help incident response teams understand the nature, intent and timing of specific attacks.
As a result, there are some barriers to collecting this type of information:
- Access – Criminal Hacker groups can communicate through private, encrypted channels, or request some proof of identification. There are also language barriers with groups located in foreign countries;
- “Noise” – It may be difficult or impossible to manually collect good information from high-volume sources such as chat rooms and social media;
- Obfuscation – This is a technique used to avoid detection; groups at risk of detection can use obfuscation tactics such as code names.
Swascan’s Domain Threat Intelligence
As mentioned in the article, Domain Threat Intelligence has the specific objective of finding any information, available at OSINT and CLOSINT level, related to a selected target.
The Threat Intelligence gathering activity is carried out through a process of research, identification and selection of all the publicly available information relating to the domain of interest. Threat Intelligence activities are carried out on targets and digital identifiers relating to compromised assets and emails. The activity is conducted through the search, identification and selection of publicly available information relating to the domain, subdomain and compromised email.
OSINT & CLOSINT
The service does not perform any security tests on the target; it operates only on information collected at the OSINT and CLOSINT level and available on the Dark Web.
- OSINT: an acronym for Open Source Intelligence, it refers to the process of gathering information by consulting public domain sources, also called “open sources”.
- CLOSINT: Closed Source Intelligence, the process of collecting information by consulting “closed sources”, which are not accessible to the public, or “reserved” areas.
The activity concludes with a detailed report of the activities in PDF format.