Why Threat & Risk Intelligence (TRI) Is Necessary for Business Success

SecurityHQ’s, Threat & Risk Intelligence (TRI) Complete is a cyber security service that identifies attacks, breached corporate material, credentials, intellectual property and brand infringement by harvesting data available on the visible, dark, and deep web. The service is used to monitor the entire web to detect risks as well as alert, investigate and take down offending/inappropriate/confidential content.

What Your Digital Footprint Means for Your Business

A digital footprint combines all your digital activities that are traceable online and via devices. Every person who uses the internet or digital device will have a digital footprint. As an individual, you want to try and keep your digital footprint small, as everything you do online (social media, web searches, shared information on websites etc.) attributes to your footprint. The larger your digital footprint, the larger the threat landscape, the more prone to being vulnerable to cyber threats you are.

For businesses, which will have much larger digital footprints, it is hard to keep track and monitor all information, processes, and people. Without threat intelligence, you are never going to know what information is accessible across all digital platforms. This is an issue, especially when considering sensitive business data. In fact, most businesses are completely unaware of who and/or what is targeting them at a given time. With TRI Complete, threat experts look for signs that risks, such as sensitive data and user credentials or intellectual property have been exposed.

By using TRI Complete, you can monitor many of the areas you would otherwise not have access to. These include surface web, documents, deep and dark web, and technical sources.

Surface Web: Monitor code repositories, social media, mobile apps, content sharing, blogs, news, and pastes.

Documents: Monitor Cloud file stores, hosted file stores, and search engines.

Deep and Dark Web: Monitor IRC & telegram, TOR, content sharing, criminal forums, breaches, and pastes.

Technical Sources: Monitor WHOIS data, exploits, infrastructure scans, and Trusted Automated Exchange of Intelligence Information (STIX/TAXII) feeds.

These are the places TRI can be used scan for information. But what information is scanned for, is equally important.

What TRI Can Detect Within These Locations

It is important that TRI is being used to scan for the right kind of information. This includes searching for data leaks, where online brand protection may have been compromised, where the attack surface can be reduced, where intelligence is being leaked/shared on the dark web and where supplier attack and threat intelligence is found.  

Data Leakage Detection

Data leakage detection is used to highlight where data has been exposed. This includes searching for exposed customer accounts, exposed payment card details, exposed commercial documents, exposed credentials, exposed technical documents, marked technical documents, exposed access keys, leaked sensitive codes, leaked sensitive technology, misconfigured web server, unauthorised commit.

Online Brand Protection

Brand fraud is very common when it comes to large businesses and high-profile members. Online brand protection is used to search when impersonations are made. This includes impersonating a company profile, impersonating an employee profile, impersonating a domain, impersonating a mobile app, phishing a webpage, exposed employee PII.

Attack Surface Reduction

Attack surface reduction is used to analyse elements where the attack surface is vulnerable, and to put in place an action plan to reduce/patch vulnerabilities. This includes looking into areas such as expiring/expired/vulnerable or weak certificates, exposed port/ports, report of technical vulnerability, revoked certificate, vulnerable service/services.

Dark Web Threat Intel

Dark Web threat intelligence searches for anything regarding your company, people, process that is found on the Dark Web where the company is either mentioned by a threat actor, mentioned in relation to a Tactic Technique or Procedure (TTP), reported in a data breach, selling unauthorised data, or has been associated with a malware or phishing kit.

Supplier Attack

Supplier attack is where mentions for cyber-attacks, mentions for vulnerabilities, and typo squatting domains are highlighted.

Threat Intel

Threat intel provides the latest intelligence with regards to geographic risks, vulnerabilities and exploits for technologies used, threat actor tracking, industry risks, latest cyber-attacks and TTPs, as well as event-based risks.

How TRI Complete Can Benefit Business

For a comprehensive view of the features and benefits available with TRI Complete, download the data sheet here. Or, if you have a question or would like more information, contact a member of our Security Operations team, here.

About The Author

Eleanor Barlow

Based in London, Eleanor specialises in researching and reporting on the latest in cyber security intelligence, developing trends and security insights. As a skilled Content Manager and experienced named author and ghost writer, she is responsible for SecurityHQ’s content strategy. This includes generating content for the latest articles, press releases, whitepapers, case studies, website copy, socials, newsletters, threat intelligence and more. Eleanor holds a first-class degree in English Literature, and an MA from the University of Bristol. She has strong experience writing in B2B environments, as well as for wider technology-based research projects.

About SecurityHQ

SecurityHQ is a Global MSSP, that detects, and responds to threats, instantly. As your security partner, we alert and act on threats for you. Gain access to an army of analysts that work with you, as an extension of your team, 24/7, 365 days a year. Receive tailored advice and full visibility to ensure peace of mind, with our Global Security Operation Centres. Utilize our award-winning security solutions, knowledge, people, and process capabilities, to accelerate business and reduce risk and overall security costs.