
Tactical Threat Intelligence
Tactical Threat Intelligence is there to support the incident response team. When an incident occurs, decisions are swiftly made and executed. While it requires a rapid yet calm reaction, reactive decisions may pose a risk. The Threat Intelligence team is on-hand to inject intelligence to enlighten and empower decision makers. It provides an out-of-the box analysis, supporting those within. It is a continuous service throughout the life of the incident, including supporting post activities.
Tactical Intelligence can greatly reduce:
- risk caused by decisions based on unknowns.
- risk of unknown threats.
- time to incident closure.
- reduced business impact.
- reduce overall cost.
By:
- enlightening decision makers.
- expanding investigation to probable associated threats.
- directing response teams to focus on core issues and away from misleading avenues.
- reducing effective call closure.
Use case
Not-Petya has been described as an act-of-war, causing between $4-8 billion in global damages. Corporate organisations suffered greatly as collateral damage, but initial observations indicated the attack was simply ransomware and swiftly remediated by teams. Following an Intelligence led incident response, Threat Intelligence confirmed a state-sponsored threat actor had access into the organisation. This new intelligence initiated a Forensic investigation for which Threat Intelligence supported. Tactical Intelligence reduced a probable 5 days investigation in to 3 days and provided the organisation confidence that the connection was not abused and thus data integrity as well as customer privacy was maintained.