Tip of the Spear: Evidence of Breach and Breach Intelligence

9 July 2020


For quite some time we at Prevailion have been speaking publicly about the differences between Prevailion and other vendors in the threat intelligence market, and for good reason. Two key concepts are at the forefront of every discussion that I and my peers have about who we are, what we do, and why we are unique: Evidence of Compromise (EoC) and Compromise Intelligence (CI). As I write this blog, there is little that leads me to believe that any vendors, current or emerging, are approaching the challenges facing organizations (for-profit and otherwise) from the same vantage point that we are. In fact, I would go as far as to say that none do.

The Market Today And Where We Are Leading It

With all but a few exceptions, threat intelligence offerings being brought to market today depend largely on conventional approaches to the collection and synthesis of data about the threat landscape and adversaries. These approaches rely heavily upon the integrity and freshness of curated lists of Indicators of Compromise (IoCs) or Indicators of Attack (IoAs), largely acquired and ingested from third-party organizations (commercial or otherwise); the ability to scan and enumerate the Internet at the surface, deep, and dark web level (think Tor or I2P here); rudimentary DNS sinkholing and other DNS-based methods (passive DNS, domain intelligence, etc.); or the use of HUMINT techniques (in one respect or another) in an operational capacity. From an academic perspective it is fair to say that there is nothing wrong with these approaches. However, when explored from the vantage point of an organization that has placed its money and, more importantly, its trust (not to mention its brand and reputation) in the hands of vendors who utilize, produce, and promote these approaches exclusively against ever-evolving adversaries, an organization that continues to experience compromise and breach, then yes: there is something wrong with these approaches. They simply do not work as effectively or consistently as one might hope. And even when combined with some form of network or software agent deployment, the results vary at best.

This is not conjecture. This is a fact. A fact observed every day when I look across the expanse of the intelligence contained within our platform and see organizations, large and small, all of which have investments (in some cases quite extensive ones) in cybersecurity offerings and services that for one reason or another simply do not provide the efficacy that their customers were promised. And though some of these offerings come much closer to doing so than not (think for a moment about the glory days of organizations like NetWitness and the market it helped birth, now referred to as the Network Traffic Analysis market, or Carbon Black, which inarguably pioneered the EDR market), they are reliant upon being granted access to the network in order to instrument it and collect the data necessary to produce a viable, actionable profile of the organization. Here is where we differ. Greatly.

Once More Unto the Breach, Dear Friends

Our approach does not and has never relied on the aforementioned techniques in the hope of gaining a comprehensive understanding of the targeted victim environment and what is going on within it. We deliberately do not seek a comprehensive understanding of the entire target environment, but rather focus on only what matters and concerns us most: its state of real-time compromise. We believe we have achieved that, and we are prepared to up the ante through yet another achievement, one that will aid us and our customers in understanding not only their real-time state of compromise but also their real-time state of breach. As I write this blog, Prevailion is advancing its efforts around our ability to promote and publish (legally) Evidence of Breach (EoB) and Breach Intelligence (BI) through our unique approach to detecting breaches and repatriating real-time breach detection intelligence to our customers. We believe strongly and passionately in our ability to provide this intelligence to our customers in the same way we provide EoC and CI to them today, leveraging our external approach to the target environment while taking the fight to the adversary. The executive team here at Prevailion believes strongly that this new capability will not only disrupt the industry in several ways (something we enjoy doing greatly) but will also aid victim organizations in detecting, recognizing, and responding to breaches faster than ever before, without touching the network or asking permission to do so.

Road Ahead

As Principal Security Strategist here at Prevailion, I am excited to share this news with you. It is the result of hard work by some of the industry's brightest minds and a determination to address challenges on behalf of those who cannot do so for themselves. I am proud to be a part of such an extraordinary team and encourage you all to visit the following link, sign up for a free account in our APEX Platform™, and begin your journey with us. We are not slowing down and will continue to push the boundaries in our struggle against advanced cybercriminals, nation-states, and their proxies operating globally, whose mission is to target, compromise, exploit, abscond with intelligence (of one form or another), and in some cases destroy their victims. Join the fight. Together, we will prevail.
