CYBER THREAT INTELLIGENCE


STRATEGIKA Intelligence's Cyber Threat Intelligence

STRATEGIKA Intelligence proactively monitors internal networks and systems and the global threat landscape, including valuable data from the clear, deep and dark web, to identify patterns, behaviors and threats before they materialize. STRATEGIKA Intelligence helps companies by interpreting cyber threat intelligence based on context, taking the guesswork out of the process and focusing on what matters most to safeguard the business. STRATEGIKA Intelligence uses specific threat intelligence to conduct comprehensive incident response and cyber investigations by exploring the dark web to determine if you have been exposed, how it happened, what data was leaked, and the extent of the impact it may have on the business. Whether the breach stems from external threats, criminal activity, internal threats, or unintentional employee negligence, we capture information about the threat actor, intentions, and other potential threats or vulnerabilities to prevent further incidents.

Our Cyber Threat Intelligence enables the company to understand whether threat intelligence alerts are relevant and, if they are actionable, to pass them on to other departments and stakeholders in the company. The Cyber Threat Intelligence service proposes a methodology based on data fusion, drawing on different information sources.


STRATEGIKA Intelligence's Cyber Threat Team

STRATEGIKA Intelligence's Cyber Threat Intelligence Team is made up of professionals with many years of experience in the field of information security. Its members bring different skills, acquired in contexts such as Red Team, Cyber Threat Intelligence, Incident Response, Malware Analysis and Threat Hunting. The main objective of the Team is to collect and analyze information in order to characterize possible cyber threats in relation to specific operational contexts. This activity builds a knowledge base of the adversaries, including their Tactics, Techniques and Procedures (TTP), their main targets, and the impact they could have on the business of STRATEGIKA Intelligence's clients.

Having the ability to identify and react to security incidents is an excellent starting point, but to protect our assets in the best way it becomes important to anticipate the adversaries' moves and to have "information" on the real risk exposure. For this reason, it is necessary to extend the fight against cybercrime beyond the company boundaries and to search for information on the threat agents relevant to the company; this is where we intervene. Here, Cyber Threat Intelligence helps companies gain valuable knowledge about the most imminent threats, build effective defense mechanisms and mitigate risks that could damage profits and reputation, including through visibility into threats that have hit, want to hit or are about to hit assets.

This "tactical" approach to Cyber Threat Intelligence is useful for blocking indicators of compromise (IoC). It is based on searching for, identifying and selecting available information that can be traced to the organization (domains, digital assets, IPs, emails, botnets, etc.), looking for it in the so-called "underground communities", Tor-based forums and marketplaces, IRC channels, etc.


Service Delivery

The service proposes a methodology based on the fusion of data from different information sources, activating personalized monitoring of the main threats present on the clear, deep and dark web. It does not require dedicated equipment or specific software at the customer's facilities, as it is based on information processed by the STRATEGIKA Intelligence platform.

The service is provided not only through manual search activities, but also through automated acquisition of intelligence data. In the activities of investigation, collection and distribution of information, the work of the Team is supported by advanced tools and a proprietary platform. The platform analyzes a large amount of data coming from different channels, both from open sources (OSINT) such as social networks, and from restricted sources and underground channels (CLOSINT).

The service is dedicated to identifying intelligence events that could damage the company or the brand. The activity also includes researching and identifying online sensitive documents, confidential material and compromised credentials, both in data leaks/breaches shared or traded in underground/cyber-criminal environments and in black markets or restricted-access forums on the dark web. In addition, the service includes continuous monitoring of users with particular media exposure (CEOs, executives, C-level staff) to identify threats targeted at the individual, such as exposure of credentials or personal information, vectors for potential phishing campaigns, spear phishing, identity theft, and other cyber-criminal actions.