This year interest in cyber threat intelligence has risen to an all-time high. High profile events such as the Solarwinds Attack or Microsoft Exchange exploit stole headlines and security practitioners. Cyber Threat Intelligence (CTI) is critical to understanding your threat landscape, but it is far too often relegated to browsing the latest intelligence news with no follow-up actions or impact on mitigating threats to your organization.
Today, “actionable threat intelligence” often only involves a highly tactical process of researching and blocking lists of known IOCs. This still has some value, especially if the data is structured effectively (a main reason why we’re also releasing STIX 2.1 export options).
But CTI can (and should) hold much more strategic value. Done correctly, it has the opportunity to help to effectively prioritize defenses and security spending by focusing on areas that map to known threat actor techniques. This is why we are launching our new Threat Intelligence library in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with mapping to MITRE ATT&CK and features to operationalize threat intelligence.
Take Action from Intelligence Updates with MITRE Technique Profiles and Associations
By aligning to MITRE ATT&CK, SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) offers actionable remediation advice against specific threat actors before they may pose a risk and provides security teams with a common language to speak.
To take a strategic approach to threat intelligence, we lead you to the decision-making point of “is this a relevant risk to my organization?” and provide you with opportunities to take action whether its blocking a list of indicators associated with a threat actor or to proactively mitigate MITRE techniques and associations. Each MITRE profile includes finished intelligence including information about technique, potential mitigations, detection and shows a visual mapping to the MITRE ATT&CK Matrix and latest intelligence activity.
Each MITRE technique profile additionally includes:
- Subtechniques and Associations
- Related Intel Updates
If you’re like most security teams, you may struggle to collect, combine, and analyze threat intelligence that is relevant to your organization. With SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) you can search for threats filtering by the target industry sector or target location in addition to MITRE technique Name, MITRE ATT&CK ID, Tactic Group, Actor Name, and Malware Name.
Faster Understanding with Finished Intelligence from Photon Research
Analyzing threat intelligence can take hours of your day, with SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) our in-house global team of security researchers act as an extension of your team with intelligence updates on the latest events as well as hundreds of crafted profiles for threat actors, malware, events & campaigns, and criminal locations.
You can get to a faster understanding of key details and assessment of threats and walk away with an in-depth understanding of each threat including target industry sector, target geographic location, and recency of activity. Combining these three factors gives a clear view of relevant threats, while the profiles allow you to easily pivot out to view associated threats.
In addition to MITRE ATT&CK mappings and intelligent event timelines, you can see mappings of related intelligence updates, threat actors, malware, or cybercriminal forums. These views instantly visualize the links between these scattered variables without diving down a rabbit hole of erroneous information.
See Key Intelligence Workflows in Action
To learn more about our changes to threat intelligence, see our Operationalizing Cyber Threat Intelligence webinar which covers tactical, strategic, and operational (MITRE ATT&CK mappings, associations and actor profiles) use cases of threat intelligence and how SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) maps to the Intelligence Cycle.
If you’re after a more hands-on experience, you can view our threat actor profiles and intelligence updates for free (for seven days) via Test Drive.