Next Generation Threat Intelligence and Research: Adversary Counterintelligence

6 May 2021

By Sanjay Raja, VP of Marketing

Prevailion, Inc.

Previous Generation Intelligence and Adversary Hunting

A subset of Threat Intelligence, or even of Threat Hunting using Intelligence, called Adversary Intelligence or Adversary Hunting is nothing new. Traditional threat intelligence has focused on:

  1. Identifying and documenting newly discovered threats
  2. Identifying Threat Actor Tactics, Techniques, and Procedures (TTPs)
  3. Delivering insights into threats actively impacting organizations

In addition, numerous solution providers have assembled teams to better understand threat actor activities and their tactics, and then reuse this data to find chatter about planned or successful attacks and/or discover stolen data repositories by combing surface, deep, and dark web data. The human element, i.e., threat research teams and their analysts, is the lifeblood of this information collection and analysis. It requires expert security knowledge and an intimate understanding of threat actors and their TTPs. Most cybersecurity technology and service providers have their own security research teams that focus on the activities listed above, as well as on feeding this data into their own products or sharing it across the security industry.

The True Value Provided by Previous Generation Intelligence

To simplify the conversation, we can break down the usage into two overall categories:

  1. Proactive INTELLIGENCE
    1. Aids in understanding risk so you can harden yourself against threats: Vulnerability Management, Risk Score Vendors, Attack Surface Management (ASM)
  2. Reactive INTELLIGENCE
    1. Aids in understanding potential threats that have already impacted the organization: A/V, XDR, SIEM

The challenge with #1 is that understanding risk does not concretely establish whether you will actually be exploited and compromised; it is predictive only, and rather subjective. The challenge with #2 is that, despite advances in understanding threats and the threat landscape, and despite combining and analyzing indicators of compromise and threat intelligence with machine learning (ML) and artificial intelligence (AI) engines, it continues to take weeks or months to find the compromise before damage is done. Operational security, incident response, and threat hunting teams still need to engage over a long period to assemble the puzzle in order to see the picture, i.e., the attack campaign and the associated operations it is comprised of.

A New Breed of Research Team That Gets You To a Photograph, NOT Puzzle Pieces!

The Prevailion Adversarial Counterintelligence Team (P.A.C.T.) has been established with the mission of finding compromises well in advance of traditional offerings, and with a higher degree of confidence in the attack chain, so that immediate action can be taken. The P.A.C.T. accomplishes this through a truly ground-breaking, next generation approach.

What the P.A.C.T. is uniquely able to do to advance Prevailion’s intelligence capabilities:

  1. Track down actual adversarial infrastructure by understanding how threat actors communicate out of your environments
  2. Build trusted relationships with domain registrars and dynamic DNS providers in order to commandeer attacker infrastructure and communications, and thereby better understand how and where they have compromised target organizations
  3. Work with the Prevailion SaaS platform to analyze this data and develop Evidence of Compromise, delivered as Prevailion Compromise Intelligence™.

The P.A.C.T. avoids areas that are commodity, operationally disruptive, or subjective/of limited value:

  1. Looking for new vulnerabilities and/or potential exploits
  2. “Sniffing” the wire either internally or externally (e.g., no pcap or netflow data etc.)
  3. Dark-web scanning or chat room monitoring
  4. Perimeter scraping to determine vulnerable public facing access
  5. Using risk scores to subjectively and somewhat arbitrarily rank supply chain partners versus just knowing when they are actively compromised.

Compromise Intelligence is NOT your typical Threat Intelligence

Prevailion Compromise Intelligence is actionable, high-fidelity knowledge about existing compromises that are active NOW in your environment, as well as in your third-party partners’ and suppliers’ environments. CSOs and Operational Security Teams are seeing the need for something different. This is why some of our largest customers have taken the special and strategic step of participating in our funding. You can read more about our strategic round of funding HERE. To learn more about how trusting in the P.A.C.T. and Prevailion is an absolute game changer for improving how you detect and respond to breaches, go HERE or contact Prevailion Sales.
