CTI - Cyber Threat Intelligence

In recent years, cyber threat intelligence (CTI) has become a crucial part of organizations' cybersecurity strategy.

Have you ever wondered...

What cybercriminal groups are targeting my organization?

What are the compromised devices in the organization?

What are the TTPs of these cybercriminal groups?

What are the new types of malware likely to pose a risk to my organization?

What are possible Zero-day attacks?

What are the leaked and compromised databases?

Planning and direction

In this phase it is critical to define the organization's cyber intelligence requirements: which objectives does the intelligence process need to satisfy, whether that is closing a knowledge gap about a particular threat or about your own environment? At the operational level: which cyber adversary groups are targeting your organization? At the tactical level: what are the adversary's methods and techniques, and where should the cybersecurity team focus in order to identify the threats most likely to cause damage to your organization? It is key to model the threat analysis on the risks the organization is exposed to, map the organization internally, define which data are critical, strategic and confidential, and understand the adversary's possible motivations.

Data collection

As part of the intelligence gathering process, our analysts will apply different tools and methodologies, among them:

a. Intrusion analysis: Following Lockheed Martin's Cyber Kill Chain model, taking into account the attacker's successive stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives.

b. Malware collection: Based on different public and non-public malware samples (malware zoos), including a proprietary malware database.

c. Domains and IPs: Pivoting on this data to validate, enumerate and identify threats and the infrastructure behind them.

d. External data sets: OSINT, Deep web, Dark web, structured and unstructured data, TLS certificates, and others.

Processing

Once data collection is complete, the data are processed so that they can be exploited. This involves interpreting the raw data and assessing its relevance and reliability; patterns are identified and classified, and from them information relevant to the organization is produced. One of the frameworks we rely on is the Diamond Model, which considers four main components:

- Adversary: an organization or threat actor that uses a capability against a victim to achieve its objectives.

- Capability: the tools and strategies used by the adversary, known as TTPs (Tactics, Techniques, and Procedures).

- Infrastructure: the communication structures the adversary uses to deliver a capability (IP addresses, e-mail accounts, domains, etc.).

- Victim: the profile of the attacked target, including which of its vulnerabilities were exploited and which capabilities were used against it.
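The pivoting step on which the Diamond Model rests can be shown in code. The following is an added example (not part of the original page or of the service described): each observed intrusion is recorded as a diamond, events that share infrastructure or a capability are linked into an activity thread, and a known adversary attribution is propagated to the unattributed events in the same thread. The events, adversary name and hosts are constructed for illustration; the addresses and domains are reserved documentation values, not real indicators.

```python
from collections import defaultdict

# Constructed sample events (documentation-reserved IPs and example domains,
# not real indicators); one diamond per observed intrusion.
EVENTS = [
    {"id": "E1", "adversary": None, "capability": "macro-dropper",
     "infrastructure": {"198.51.100.7", "updates.example"}, "victim": "finance-ws-01"},
    {"id": "E2", "adversary": "GROUP-A", "capability": "credential-stealer",
     "infrastructure": {"198.51.100.7"}, "victim": "hr-ws-04"},
    {"id": "E3", "adversary": None, "capability": "macro-dropper",
     "infrastructure": {"203.0.113.22"}, "victim": "sales-ws-09"},
    {"id": "E4", "adversary": None, "capability": "webshell",
     "infrastructure": {"cdn.example"}, "victim": "dmz-web-01"},
]


def build_activity_threads(events):
    """Pivot on shared infrastructure and capability: events connected through
    any common value form one activity thread (union-find over event ids).
    Returns {lowest event id in thread: sorted list of event ids}."""
    parent = {e["id"]: e["id"] for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    # Index every pivot value to the events that exhibit it. The "cap:" prefix
    # keeps capability names from colliding with domain names.
    index = defaultdict(list)
    for e in events:
        for value in e["infrastructure"] | {"cap:" + e["capability"]}:
            index[value].append(e["id"])
    for ids in index.values():
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])

    threads = defaultdict(list)
    for e in events:
        threads[find(e["id"])].append(e["id"])
    return {sorted(ids)[0]: sorted(ids) for ids in threads.values()}


def attribute_threads(events, threads):
    """Propagate a known adversary across its thread. A thread with conflicting
    attributions is left unattributed (None) rather than guessed."""
    by_id = {e["id"]: e for e in events}
    result = {}
    for head, ids in threads.items():
        known = {by_id[i]["adversary"] for i in ids if by_id[i]["adversary"]}
        result[head] = known.pop() if len(known) == 1 else None
    return result
```

In the sample data, E1 and E2 share a C2 address and E1 and E3 share a capability, so all three become one thread attributed to GROUP-A, while E4 remains an isolated, unattributed thread.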

Analysis and generation

Analysis and generation is the conversion of information from the different sources into processed, validated cyber intelligence that enables your organization to improve and strengthen its cybersecurity posture. The deliverable is an executive CTI report detailing the findings, delivered monthly.

Contact us

For more information, please contact us.