Operational Threat Intelligence
Threats to any organisation are developing continuously. While rules and definitions within tools such as SIEMs, firewalls or anti-malware solutions can prevent some attacks, they are only as effective as their last update on known threats. And simply locking down and blocking hinders organisational productivity.
Askari Blue’s Threat Intelligence team support internal teams by monitoring external atmospherics and raising awareness of new and trending threats facing an organisation. Intelligence supports an organisation by providing direction and increasing readiness with adapted defences. Daily Threat Intelligence produces Operational Intelligence and can be acquired between one (1) and five (5) times per week.
Operational Intelligence will support the organisation to:
- Focus on higher-probability threats that are relevant to the organisation.
- Raise awareness of new & trending threats to all SOC members, from analyst to CISO.
- Support senior stakeholder decisions in future cyber defences.
- Reduce time to remediation.
- Raise confidence in defences.
- Identify existing security gaps.
- Implement controls, such as firewall rules, training, anti-malware definitions.
Tasks within Operational Intelligence include, but are not limited to:
- Analyst assessments on:
  - relevant news regarding threats
  - Microsoft’s Patch Tuesday
  - vendor threat reports
- Threat analysis based on ticketing
- Responding to Intelligence Requirement requests*
*Subject to terms and conditions