Tip of the Spear: Evidence of Breach and Breach Intelligence

For quite some time we at Prevailion have been speaking publicly about the differences between Prevailion and other vendors in the threat intelligence market, and for good reason. Two key concepts are at the forefront of every discussion that I and my peers have about who we are, what we do, and why we are unique: Evidence of Compromise (EoC) and Compromise Intelligence (CI). There is little that leads me to believe, as I write this blog, that any vendor, current or emerging, is approaching the challenges facing organizations (for-profit and otherwise) from the same vantage point that we are. In fact, I would go as far as to say that none do.

The Market Today And Where We Are Leading It

With all but a few exceptions, threat intelligence offerings being brought to market today depend largely on conventional approaches to the collection and synthesis of data about the threat landscape and adversaries: approaches that rely heavily upon the integrity and freshness of curated lists of Indicators of Compromise (IoCs) or Indicators of Attack (IoAs), largely acquired and ingested from third-party organizations (commercial or otherwise); the ability to scan and enumerate the Internet at the surface, deep, and dark web levels (think Tor or I2P here); rudimentary DNS sinkholing; DNS data (pDNS, domain intelligence, etc.); or the use of HUMINT techniques (in one respect or another) in an operational capacity. From an academic perspective it is fair to say that there is nothing wrong with these approaches. However, when explored from the vantage point of an organization that has placed its money and, more importantly, its trust (not to mention its brand and reputation) in the hands of vendors who utilize, produce and promote these approaches exclusively against ever-evolving adversaries, and that continues to experience compromise and breach, then yes, there is something wrong with these approaches. They simply do not work as effectively or consistently as one might hope. And even when combined with some form of network or software agent deployment, the results vary at best.

This is not conjecture. This is a fact, a fact observed every day when I look across the expanse of the intelligence contained within our platform and see organizations, large and small, all of which have investments (in some cases quite extensive ones) in cybersecurity offerings and services that, for one reason or another, simply do not provide the efficacy their customers were promised over time. And though some of these offerings come much closer to doing so than not (think for a moment about the glory days of organizations like NetWitness and the market it helped birth, now referred to as the "Network Traffic Analysis" market, or Carbon Black, which inarguably pioneered the EDR market), they are reliant upon being granted access to the network in order to instrument and collect the data necessary to produce a viable, actionable profile of the organization. Here is where we differ. Greatly.

Once More Unto the Breach, Dear Friends

Our approach does not and has never relied on the aforementioned approaches used in the hope of gaining a comprehensive understanding of the targeted victim environment and what is going on within it. We deliberately do not try to gain a comprehensive understanding of the entire target environment, but rather focus on only what matters and concerns us most: its state of real-time compromise. We believe we have achieved that, and we are prepared to up the ante through yet another achievement, one that will aid us and our customers in understanding not only their real-time state of compromise but also their real-time state of breach. As I write this blog, Prevailion is advancing its efforts around our ability to promote and publish (legally) Evidence of Breach (EoB) and Breach Intelligence (BI) through our unique approach to detecting breaches and repatriating real-time breach detection intelligence to our customers. We believe strongly and passionately in our ability to provide this intelligence to our customers in the same way we provide EoC and CI to them today, leveraging our external approach to the target environment while taking the fight to the adversary. The executive team here at Prevailion believes strongly that this new capability will not only disrupt the industry in several ways (something we enjoy doing greatly) but will also aid victim organizations in detecting, recognizing, and responding to breaches faster than ever before, without touching the network or asking permission to do so.

Road Ahead

As Principal Security Strategist here at Prevailion, I am excited to share this news with you. It is the result of hard work by some of the industry's brightest minds and a determination to address challenges on behalf of those who cannot do so for themselves. I am proud to be a part of such an extraordinary team and encourage you all to visit the following link, sign up for a free account in our APEX Platform™, and begin your journey with us. We are not slowing down and will continue to push the boundaries in our struggle against advanced cybercriminals, nation-states, and their proxies operating globally, whose mission is to target, compromise, exploit, abscond with intelligence (of one form or another), and in some cases destroy their victims. Join the fight. Together, we will prevail.

Will Gragido