Leveraging Threat Intelligence
A Complete Guide to Industry and Functional Use Cases

IntSights: Threat Intelligence Realized.

Introduction to Threat Intelligence

The practice of gathering intelligence is not a new concept. While the methods and motives may change,
the main idea is to collect information that will help you stop some form of future damage or harm. Just like
law enforcement and government agencies work to establish intelligence sources to prevent future crimes,
organizations can collect intelligence to prevent future cyberattacks.

With the cyber threat landscape evolving rapidly, many enterprises and other large organizations are seeking
more effective ways to protect themselves and their employees from these threats. This practice has become
known as Cyber Threat Intelligence (CTI). There are lots of definitions that you can find for CTI, but the goal is to
provide advanced warning and proactive detection of cyberattacks before they’re carried out. In other words, it’s
trying to understand the Who, What, Where, When and Why behind a cyberattack.

Threat intelligence and digital risk protection solutions can help you take a more proactive approach to managing
cybersecurity. By translating early warnings and imminent threats into specific security actions, you can
significantly reduce your risk and preemptively mitigate attacks.

However, many organizations have struggled to adopt threat intelligence effectively, either due to lack of
resources or lack of knowledge of how to manage this type of cyber intelligence. This means many companies
are missing out on key intelligence they can leverage to better protect themselves and secure their environments.

In this document, we provide an overview of how threat intelligence can be used for the following industries and
use cases.

Industries
Automotive
Financial Services
Gaming & Leisure
Healthcare
Manufacturing
Oil & Gas
Retail

Use Cases
Brand Protection
Credential Leakage
Dark Web Monitoring
Fraud Detection
Incident Response & Threat Hunting
Phishing Detection & Takedown
VIP & Executive Protection
Vulnerability Prioritization

Industry Use Cases

Automotive

Automakers are incorporating more technology into the design and production of their
vehicles, increasing their IT complexity and attack surface. Automotive companies make
lucrative targets for hackers because both their information and products are expensive,
and they rely on lots of different technology and business partners.

Threat Intelligence Use Cases
Here are some common cyber threats that Automotive organizations need help protecting against.
1. Stolen Vehicles Being Sold on the Dark Web
2. Vehicle Hacking and Attack Strategies
3. Intellectual Property Protection
4. IoT Threats and Attack Indication
5. Architectural Plans or Diagrams
6. Spam or Phishing Attacks
7. Target List or Attack Intention
8. Brand or VIP Impersonation
9. Insider Threats

How IntSights Can Help
IntSights provides the industry’s most comprehensive view into external threats facing the automotive vertical,
allowing organizations to see, investigate and mitigate new threats targeting them and their customers.

Anticipate direct threats | Protect brand & customers | Identify IP leaks

Financial Services

To boost their competitiveness, financial services companies are moving their operations
to the cloud, and embracing new technologies such as blockchain, Bitcoin and other
cryptocurrencies, and digital payment systems. But the SWIFT incident and other high-profile
attacks have made it clear that using these next-gen financial systems introduces new risks.

Threat Intelligence Use Cases
Here are some common cyber threats that Financial Services organizations need help protecting against.
1. Leaked Credit Cards (using BIN)
2. Leaked Bank Accounts
3. Bank Material For Sale on Black Market
4. Leaked M&A, Investment or Other Private Information
5. Fake Social Media Accounts
6. Phishing Sites (Targeting Employees and/or Customers)
7. Target List or Attack Intention
8. Cash Back or Tax Refund Scheme
9. Brand or VIP Impersonation
10. Insider Threats

How IntSights Can Help
IntSights enables firms to identify, understand, and preemptively mitigate attacks before they impact
customers, disrupt firms’ operations, cause reputational damage, or create regulatory exposure.

Anticipate direct threats | Reduce fraud | Protect customers

Gaming & Leisure

For years, the Gaming, Hospitality and Leisure industry has been a favored target of
criminals. Unfortunately, hackers are now also finding favor in targeting the industry as
technologies adopted to improve customer experience and maximize revenue have created
online opportunities for exploitation, data theft and fraud.

Threat Intelligence Use Cases
Here are some common cyber threats that Gaming & Leisure organizations need help protecting against.
1. Phishing Websites and Scams
2. Slot Machine Hacking
3. Loyalty Club Attacks
4. Target List or Attack Intention
5. Brand or VIP Impersonation
6. Insider Threats

How IntSights Can Help
IntSights mediates the cyber risks and exposure that come with new rewards programs, player cards,
multi-channel engagement strategies, and merger and acquisition activity.

Anticipate direct threats | Identify gaming scams | Maintain brand reputation

Healthcare

It’s well known that the healthcare sector is in an uphill battle with hackers. What’s less
widely recognized is that as hospitals expand their use of connected medical devices, it’s
opening up new attack vectors for hackers. Now, instead of just holding networks or EMR
systems for ransom, hackers can do the same with things like dialysis machines, insulin
pumps, and CAT scanners.

Threat Intelligence Use Cases
Here are some common cyber threats that Healthcare organizations need help protecting against.
1. Leaked Patient Records or Intent to Leak (HIPAA)
2. Leaked PII From VIPs, Employees or Patients
3. Fake Social Media Accounts
4. Spam or Phishing Attacks
5. Target List or Attack Intention
6. Malware Documents Using Entity Name
7. Brand or VIP Impersonation
8. Insider Threats

How IntSights Can Help
IntSights gives healthcare organizations the tailored intelligence and automated remediation capabilities
they need to protect themselves and their patients from these evolving cybersecurity threats.

Anticipate direct threats | Protect patient PII | Protect medical devices

Manufacturing

Manufacturers are connecting their networks, integrating their OT and IT environments,
and using the Industrial Internet of Things’ sensor data and machine-to-machine
communication to run their supply chains, production lines, and entire factories. This
automation and connectivity delivers big efficiency gains, but it also creates a much larger
attack surface for hackers to infiltrate.

Threat Intelligence Use Cases
Here are some common cyber threats that Manufacturing organizations need help protecting against.
1. Intellectual Property Protection
2. IoT Threats and Attack Indication
3. Architectural Plans or Diagrams
4. Spam or Phishing Attacks
5. Target List or Attack Intention
6. Key Generators
7. Brand or VIP Impersonation
8. Insider Threats

How IntSights Can Help
IntSights gives manufacturers the tailored intelligence and automated remediation capabilities they need to
leverage automation while protecting their plants, equipment, processes, and intellectual property.

Anticipate direct threats | Protect manufacturing devices | Identify IP leaks

Oil & Gas

The need for a shared approach to critical infrastructure protection, and the increasing role
connectivity plays in operational efficiency, have moved oil and gas companies away from
the ‘air gaps’ that used to protect their networks – and into hackers’ line of fire.

Threat Intelligence Use Cases
Here are some common cyber threats that Oil & Gas organizations need help protecting against.
1. Operational Technology Attacks
2. Phishing Scams
3. Leaked Credentials
4. Industrial Supplier Protection
5. Target List or Attack Intention
6. Brand or VIP Impersonation
7. Insider Threats

How IntSights Can Help
IntSights provides oil and gas companies with the tailored threat intelligence and automated remediation
they need to protect against attacks that aim to exploit their new, more connected networks.

Anticipate direct threats | Protect industrial controls | Identify sensitive data leakage

Retail

The rapid adoption of next-generation transactional and virtual shopping technologies in
parallel with demands for customer engagement and rewards programs have introduced new
risks, putting security teams tasked with protecting the brand and its loyal customers in the
crosshairs.

Threat Intelligence Use Cases
Here are some common cyber threats that Retail organizations need help protecting against.
1. Stolen Gift Cards & Gift Card Scams
2. Refund Scams
3. Reward or Membership Scams
4. Carding Methods
5. Company Products Being Sold on Black Market
6. Fake Social Media Accounts & Mobile Applications
7. Phishing Sites (Targeting Customers and/or Employees)
8. Brand or VIP Impersonation
9. Insider Threats

How IntSights Can Help
IntSights delivers the capabilities necessary to see, investigate and
mitigate the threats designed to exploit the innovations driving change in the retail industry.

Anticipate direct threats | Identify retail scams | Maintain brand reputation

Threat Intelligence: Glossary & General Use Cases

Brand Protection

The larger your corporate brand and reach, the bigger the target is on your back. It takes lots
of time, effort, and money to create a brand and build brand equity. That’s what makes it so
valuable – and so attractive as a target for hackers. Next-generation threat intelligence platforms
provide real-time scanning of external sources to detect tampering and impersonation that could
negatively affect your brand’s reputation, including your organization’s domains, IP addresses,
mobile applications, and social media pages.

In addition, you need access to tools and partnerships that allow you to take down brand
impersonation campaigns once you identify them. Accelerating the takedown process will
minimize the overall risk and damage from these attacks.

Credential Leakage

The easiest and most effective way for any criminal to succeed is with direct, credentialed access
to protected systems. Stolen emails and passwords are some of the most valued information on
the dark web, and unfortunately social-engineering campaigns and gaps in security processes
leave them exposed and easily attainable. Advanced threat intelligence platforms provide near
real-time notification of credential leakage incidents and can verify if the leaked credentials are
active in your directory system and thus pose a risk. In addition, you should leverage automation
capabilities to automatically block access or send password reset notifications for any leaked
credentials that are active.

Dark Web Monitoring

Protecting your organization without dark web monitoring is like trying to defend a castle without
any watch posts. Attackers often tip their hands by doing things on the surface and dark web
like scouting targets, using suspicious tools, and collaborating with other hackers. This insight
can be incredibly valuable in helping you thwart attacks before they hit your organization.
Next-generation threat intelligence platforms provide continuous scanning and sophisticated analysis
capabilities to understand how a threat impacts your organization and if action is needed.

Fraud Detection

Most organizations have a range of IT security tools in place, such as firewalls, gateways, IDS/IPS,
and malware detection systems. They’ve also taken steps to integrate and further harden
those systems. With these tougher defense-in-depth measures to beat, many hackers now use
a variety of fraud tactics to sell personal and/or financial data on the black market and circumvent
corporate defense systems.

Advanced threat intelligence platforms can identify fraud campaigns that take place outside your
firewall, so you can protect customers, employees and partners from fraudulent activity.

Incident Response & Threat Hunting

In any adversarial situation, it’s critical to study and know your enemy. Next-generation threat
intelligence platforms provide IT Security & SOC teams visibility into potential threats and
detailed, evidentiary trends and campaign data for in-depth threat investigation, monitoring and
engagement.

Phishing Detection & Takedown

Phishing is one of the most popular attacks used by threat actors because it’s simple and it
works. Rather than waiting for a perimeter defense (e.g., antivirus, firewall) to detect and block
a phishing site, there are more proactive measures you can take to thwart these attacks.
Advanced threat intelligence solutions can monitor for suspicious domains that mimic your
corporate domains and/or IP addresses, and tell you if that domain might be used for malicious
activity.

In addition, threat intelligence solutions can help you identify phishing attempts through newer
channels, like social media or application stores, that may be attempting to target customers.
This enables you to extend phishing protection to customers and partners, not just your
employees.

Lastly, make sure you’re using a solution that allows you to take down and automatically block
malicious URLs and campaigns to stop attacks before they are launched.
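
The monitoring for domains that mimic a corporate domain, described above, can be sketched as follows. This is an added example, not IntSights' code or any product's implementation; `examplebank.com`, the look-alike character map and the feed of observed domains are constructed assumptions.

```python
import unicodedata
from contextlib import suppress

OWNED, BRAND = {"examplebank.com"}, "examplebank"  # assumption: hypothetical brand
# Constructed look-alike map (digits, three Cyrillic letters); real use: Unicode confusables data.
FOLD = str.maketrans("0135\u0430\u0435\u043e", "olesaeo")

def skeleton(label):
    """Fold a DNS label: decode punycode, strip accents, map look-alike characters."""
    if label.startswith("xn--"):
        with suppress(UnicodeError):  # malformed punycode is compared as-is
            label = label.encode("ascii").decode("idna")
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    return label.translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Edit distance that counts an adjacent-character swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, brand=BRAND):
    """Return why `domain` resembles `brand`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    if domain in OWNED or len(labels) < 2:
        return None
    # Simplification: second-to-last label = registered name (production: Public Suffix List).
    name, target = skeleton(labels[-2]), skeleton(brand)
    checks = [("tld-variant", labels[-2] == brand),
              ("homoglyph", name == target),
              ("typo", edit_distance(name, target) <= max(1, len(target) // 5)),
              ("brand-embedded", target in name.replace("-", "")
               or target in map(skeleton, labels[:-2]))]
    return next((why for why, hit in checks if hit), None)

# Constructed feed of newly observed domains (sample data, not real indicators).
FEED = ["examplebank.com", "examp1ebank.com", "ex\u0430mplebank.com", "exmaplebank.net",
        "secure-examplebank-login.com", "examplebank.com.account-verify.net", "weather-report.org"]

def triage(feed=FEED):
    return {d: why for d in feed if (why := classify(d))}
```
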

VIP & Executive Protection

Gone are the days when executive protection only extended to physical security. With the
amount of information on the web and social media, it’s become incredibly easy to launch
targeted attacks against company executives. And it’s not just executives; organizations need
to worry about cybersecurity for other senior people associated with their businesses, including
investors, board members, and advisors. Next-generation threat intelligence platforms provide
continuous, customized scanning of a wide range of online sources, including email and social
media sites to ensure real-time notification of criminal attempts to spoof executive personas.

Vulnerability Prioritization

Given how fast the threat landscape grows and changes, manually correlating threat and exploit
data to vulnerabilities is no longer a viable strategy. Automation is a must. Advanced threat
intelligence platforms understand the risk, urgency, and potential impact of exploits to your
organization’s specific vulnerabilities, enabling you to prioritize activities and quickly understand
what’s most important.

About IntSights

IntSights is redefining cyber security with the industry’s first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our ground-breaking data-mining algorithms and unique machine learning capabilities continuously monitor an enterprise’s external digital profile across the surface, deep and dark web, categorize and analyze tens of thousands of threats, and automate the risk remediation lifecycle, streamlining workflows, maximizing resources and securing business operations. This has made IntSights one of the fastest growing cyber security companies in the world. IntSights has offices in Tel Aviv, Amsterdam, New York, Dallas, Tokyo, Singapore and is backed by Glilot Capital Partners, Blumberg Capital, Tola Capital, Blackstone and Wipro Ventures. To learn more, visit www.intsights.com.