Even years later, WannaCry and NotPetya are hot topics when it comes to cybersecurity. The Threat Intelligence service available from Synetis can play an important preventive as well as defensive role when this type of event occurs.
Threat Intelligence also means knowing how to anticipate data leaks, or if necessary, being able to detect them before it is too late. CSIRT has developed many tools specifically for this purpose and can be a major asset in monitoring and detecting leaks which, moreover, can come from multiple sources.
In real time, the Synetis Threat Intelligence tool aims to collect, organize and analyze all online information related to ISS in order to protect them from potential cyber-attacks. The information collected can be of different types: domain names, IP addresses, emails, etc.. Each of these pieces of information can represent a compromise indicator. The objective is to find salient indicators and analyze them to determine whether or not a given indicator represents a threat.
In other words, Threat Intelligence is about gathering salient information in order to better defend oneself, all the more so in these troubled times when it is more than necessary (even vital in some cases) to remain vigilant but also to redouble one’s mistrust.
Our CSIRT can set up custom surveillance of cyber and external threats. The Synetis methodology encompasses, among others (non-exhaustive list):
- Leaks on the visible Web or Darknet of e-mail addresses, domain names, IPs, names of collaborators or VIPs, etc.
- Leaks of sensitive data such as files marked “confidential”, access accounts, user accounts, databases, etc.
The fundamental challenges of Threat Intelligence are: fight against data leaks (or even fraud); protect an information system and personal data; protect a brand image.