What is Compromise Intelligence?

Prevailion map image

Compromise Intelligence is a new method of information gathering sourced from the activity surrounding networks with confirmed evidence of cyber compromise. 

Instead of the conventional perspective of inside-out network visibility, it is outside-out—operating fully outside of an organization’s network, showing the activities of adversaries as they launch assaults on network defenses around the world. 

By tracking sophisticated threat actors and monitoring their command and control (C2) infrastructure, information is collected on what these adversaries are targeting and how their malicious attacks are being carried out.

Organizations can use this intelligence to:

  • Assess third-party risk by seeing compromises cascade through an industry
  • Enrich the information gathering of their existing threat hunting teams
  • Isolate the target of an impending data breach and take preventative action

What makes Compromise Intelligence Different from Threat Intelligence?

The distinguishing characteristic is the level of confidence in the intelligence being conveyed, along with the volume. 

Compromise Intelligence removes the guesswork from noisy feeds of indicators, conveying only confirmed, actionable intelligence on the activity of threat actors. Threat Intelligence encompasses all manner of indicators of potential threats to a network from a variety of sources, whether those are of low-, medium-, and high-levels of confidence. Suppliers of threat intelligence are not concerned with flooding a listener with information, but in providing a comprehensive assessment. It is like having ten thousand new browser tabs that need to be reviewed every day—forever.

The challenge for the listener is to prioritize those threat indicators into an actionable plan. Compromise Intelligence proposes to simplify that challenge by relegating the reported intelligence to only the evidence.

How does Compromise Intelligence Work?

Instead of sifting through endless amounts of data captured on-premises, proprietary beacon technology waits for a dormant threat to signal outbound from an organization, back to its home, where the telemetry (i.e. Compromise Intelligence) is captured and documented. 

Prevailion is the world’s first Compromise Intelligence solution, empowering organizations to swap the traditional roles of victims and adversaries in the dangerous world of cybersecurity. The Prevailion platform is like a search engine for discovering active and historical third-party compromises worldwide. Organizations can set it up in less than a minute and find Evidence of Compromise within their own or third-party ecosystems right away. 

The Latest

U.S. Hackers have likely “gone to ground”

Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.

Who’s Impacted by TA505 and Why It Matters

While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another sophisticated crime actor that companies need to be watching out for.The group is called TA505 and it is believed to be […]

‘Most pristine espionage effort’ in modern history right under the US’s nose

“This was the most pristine espionage effort, unlike anything we’ve seen in a very long time,” said Karim Hijazi, a former intelligence community contractor. “Everyone in the cybersecurity community is freaking out, because we don’t know where this could stop.”

Copyright 2021 Prevailion, Inc. All rights reserved

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.