Threat Intelligence Defined
White Paper
(866) 333-2133 www.solutionary.com
Contents
Introduction
What is Threat Intelligence?
  The Core Intelligence Disciplines
  The Intelligence Cycle
  The Intelligence Funnel
  Distinguishing Intelligence from Information
  Threat Intelligence Collection
  Distinguishing Characteristics of Intelligence Events
  The Information that Threat Intelligence Provides
The Importance of Threat Intelligence in Information Security
  Change in Cyberthreat Profiles
  The Volume of Information Security Vulnerabilities
  Technology Growth and Usage Changes
What Do Different Organizations Expect from Threat Intelligence?
Conclusion
About SERT
About Solutionary
Introduction
The term “threat intelligence” rapidly emerged onto the information security
landscape over the last several years, and many security vendors now offer threat
intelligence services to customers. Since there is no standard industry definition of
threat intelligence, not everyone is defining it the same way. As a result, the term
threat intelligence is so broadly used in the security industry that the true definition of
“intelligence” is sometimes lost. Some threat intelligence services being offered in the
market today are not offering true intelligence at all – they are simply offering access to
minimally analyzed (or even raw) data.
This Solutionary white paper provides readers with an introduction to the fundamentals
of intelligence and, by extension, threat intelligence. The key objectives of this white
paper are to:
• Align industry definitions of intelligence with those of the traditional intelligence
community (IC), so there is a unified understanding moving forward.
• Clearly define what intelligence is, the core disciplines within it, the current
evolution of cyberintelligence and its offspring: cyberthreat intelligence.
• Document the steps in the intelligence process necessary to transform raw data
into intelligence.
• Provide an accurate foundation and understanding for readers who are considering
commercial threat intelligence services.
• Discuss the influences behind the growth of threat intelligence services.
“When everything is intelligence -
nothing is intelligence”
- Wilhelm Agrell, The Sherman Kent
Center for Intelligence Analysis
What is Threat Intelligence?
The Central Intelligence Agency’s definition of intelligence¹ highlights the key
components of threat intelligence:
Reduced to its simplest terms, intelligence is knowledge and foreknowledge
of the world around us. The prelude to decision and action by U.S. policy
makers. Intelligence organizations provide this information in a fashion that helps
consumers, either civilian leaders or military commanders, to consider alternative
options and outcomes. The intelligence process involves the painstaking and
generally tedious collection of facts, their analysis, quick and clear evaluations,
production of intelligence assessments, and their timely dissemination to
consumers. Above all, the analytical process must be rigorous, timely, and relevant
to policy needs and concerns.
The goal of commercial threat intelligence is to deliver capabilities similar to those
provided by the IC. However, instead of providing military or political intelligence to
government stakeholders, the current focus within the information security industry is to
deliver threat intelligence to an organization’s stakeholders about digital threats to their
enterprise systems.
This threat intelligence, and the values associated with it, is often linked to what can
be satisfied by specific intelligence goals, also referred to as Priority Intelligence
Requirements (PIR). PIR can be thought of as specific use cases for information
collection to satisfy an intelligence goal.
The term “threat intelligence” is sometimes a misnomer, often defined as data or data
feeds related to potential cyberthreats. This definition greatly oversimplifies both the
types of intelligence that should be gathered as part of an intelligence offering, as
well as the process required to transform raw data into actionable intelligence for
consumers. Cyberthreat intelligence is a great deal more than that. It is meant to be an
interdisciplinary and holistic approach allowing for the delivery of a comprehensive and
true intelligence product, providing value on multiple levels for stakeholders.
It gleans data from both the physical (PESTLE, STEEPLED)² and digital environments
that surround an organization and takes into account the broader attack surface.
To illustrate the point: within intelligence circles there is a small but growing evolution
of alliances, limited partnerships and multi-tiered contracts between physical and
cyberworld threat actors. Many transnational criminal organizations are exceptionally
good at environmental scanning in search of new criminal enterprises. Cyberthreat
intelligence is uniquely poised to address these factors.
¹ CIA consumer’s guide to intelligence (CIA, Washington, DC, Sep. 1993, updated Feb. 1994) – emphasis
(underlining) by Solutionary
² PESTLE (Political, Economic, Social, Technological, Legal, Environmental) and STEEPLED (Social,
Technological, Economic, Environmental, Political, Legal, Ethical and Demographic) factor analysis.
The Core Intelligence Disciplines
Intelligence is a tradecraft. It is composed of methodologies and techniques that can be
applied across all industry verticals. Its collection consists of five core disciplines and
their subdisciplines. The IC distinguishes intelligence disciplines based on their intended
use and the collection source. Descriptions of the five intelligence disciplines are
presented below.
1. Human Intelligence (HUMINT) – HUMINT is defined as the collection of information
from a human source. The source may either possess first- or second-hand
knowledge normally obtained through sight, hearing or activity. It can encompass
threat, neutral or friendly military and civilian personnel.
2. Open Source Intelligence (OSINT) – OSINT explores, exploits and enhances
generally-available public information. Data mining and advanced search
techniques are extremely important due to the extraordinary volume of available
information. This includes sources like television and radio broadcasts, books,
newspapers and the Internet.
3. Signals Intelligence (SIGINT) – SIGINT is defined as the collection and exploitation
of signals transmitted from communication systems, radar and weapon systems.
The results from SIGINT are derived from collecting, locating, processing, analyzing
and reporting intercepted communications and non-communications emitters.
SIGINT is subdivided into Electronic Intelligence (ELINT) and Communications
Intelligence (COMINT).
4. Imagery Intelligence (IMINT) – IMINT is geospatial information collected and
processed by a variety of terrestrial, airborne or satellite-based collectors.
5. Measurement and Signature Intelligence (MASINT) – MASINT is a technical
branch of intelligence that uses information gathered by technical instruments such
as radars, lasers, passive electro-optical sensors, seismic and other sensors to
measure objects or events to identify them by their signatures. This includes the
ability to discretely tag a person, place or thing due to unique signatures. This also
includes acoustic, nuclear, chemical and biological intelligence.
It is important to include key stakeholders into the decision-making process since
management makes decisions for the policies and budgets allocated for security.
Figure 1
Distinguishing Cyberintelligence
Cyberintelligence (CYINT) – Cyberintelligence is not one of the core intelligence
disciplines, but rather a newly evolving hybrid field that can consist of any combination,
or all, of the five core disciplines. Although it can be used as a key component of
cybersecurity, cyberintelligence operates independently of the cybersecurity mission and
supports a variety of operations across every sector of government and industry.
It is critical for organizations to recognize the broader capabilities of this rapidly-
emerging field of intelligence, and how it can be used beyond identifying cyberthreat
actors, technical data about vulnerabilities, malware or IP reputation data.
Cyberintelligence goes beyond these narrow parameters and encompasses the analysis
of actions and events associated with an organization’s physical environment (PESTLE/
STEEPLED), which can lead to forecasting digital threats.
The Intelligence Cycle
The intelligence cycle consists of the following phases, as shown in Figure 2:
1. Planning, Requirements and Direction – Planning and direction for intelligence
gathering includes management of the entire intelligence effort, from Priority
Intelligence Requirements (consumer³ guidance and further identification of needs)
to the final intelligence product.⁴
2. Collection – Following the established direction, the threat intelligence service
gathers potentially useful raw data from relevant sources.
3. Processing – The collected data is consolidated into a standardized format suitable
for detailed analysis.
4. Analysis and Production – The gathered data is analyzed by subject matter
experts to identify potential threats to customer environments. Countermeasures to
respond to identified threats may also be developed in this step.
5. Dissemination – The intelligence analysis is distributed to consumers so that
appropriate protective measures can be taken.
³ Consumer – includes those stakeholders who will consume the product, not only those who purchased the
product.
⁴ Intelligence product – reports, bulletins or assessments.
Figure 2: The intelligence cycle. Stages shown: Consumer Needs – Planning,
Requirements & Direction; Raw Information Collected Based on Requirements;
Information Processed & Exploited; Intelligence Analysis & Production;
Dissemination of Product to Consumer.
The Intelligence Funnel
Intelligence is not found as a complete product natively, but is derived from a
structured, rigorous process of identifying noise and data which contain information that
can help meet the goals of a specific PIR. This is ultimately analyzed and evaluated. If it
meets requirements, it is converted into an intelligence product which is delivered to the
intelligence consumer.
The basic context is that management knows the business, the analyst knows security
and they need to work together to define the best result.
Figure 3
Noise is composed of everything that is collected according to the PIR.
Data remains after noise is filtered and non-applicable items are removed (scrubbed).
Remaining artifacts are grouped according to defining characteristics.
Information is data with a purpose. Once it is assigned a purpose it becomes information.
Intelligence is information with a strategic purpose that can be used to gain an
advantage. Intelligence development is exclusively a human-centered activity.
Actionable Intelligence is intelligence-led, evidence-based assessments which
can be initiated, acted upon and provide clear results, supporting the PIR.
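The Processing phase of the cycle and the noise, data and information stages of the funnel can be sketched in code. This is an added example, not part of the Solutionary paper: the three feed formats, the field names, the PIR and every event are constructed assumptions. It stops at "information", because the paper treats intelligence development as a human analyst's task.

```python
"""Funnel sketch: noise -> data -> information, driven by one PIR.

Feed formats, field names, the PIR and all events are constructed for
illustration; none of them come from the white paper.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Event:
    """Standardized record produced by the Processing phase."""
    when: datetime   # always UTC
    source: str      # collector that produced the record
    kind: str        # "digital" (technical) or "physical" (non-technical)
    category: str    # defining characteristic used for grouping
    sector: str
    detail: str


@dataclass(frozen=True)
class PIR:
    """Hypothetical Priority Intelligence Requirement."""
    question: str
    sector: str
    categories: frozenset


# Constructed collection: three collectors, three different raw formats.
RAW = [
    ("ids", "2015-01-12T03:14:07Z|port_scan|finance|198.51.100.7 swept tcp/1-1024"),
    ("ids", "2015-01-12T03:20:41Z|failed_login|finance|412 failures for svc-batch"),
    ("ids", "2015-01-12T04:02:00Z|port_scan|retail|203.0.113.9 swept tcp/443"),
    ("news", {"ts": 1421020800, "topic": "fee_increase", "sector": "finance",
              "text": "Bank raises non-sufficient funds fee"}),
    ("news", {"ts": 1421024400, "topic": "store_opening", "sector": "retail",
              "text": "Chain opens ten new stores"}),
    ("social", "2015-01-12 05:30:00,protest_call,finance,Call to halt online banking for a day"),
    ("social", "garbled"),  # malformed record: must be dropped, not crash the run
]

PIR_EXAMPLE = PIR(
    question="Is a disruptive campaign forming against retail banking?",
    sector="finance",
    categories=frozenset({"port_scan", "failed_login", "fee_increase", "protest_call"}),
)


def _utc(text, fmt):
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def normalize(source, record):
    """Processing: map one raw record to an Event, or None if unusable."""
    try:
        if source == "ids":
            ts, category, sector, detail = record.split("|", 3)
            return Event(_utc(ts, "%Y-%m-%dT%H:%M:%SZ"), source, "digital",
                         category, sector, detail)
        if source == "news":
            when = datetime.fromtimestamp(record["ts"], tz=timezone.utc)
            return Event(when, source, "physical", record["topic"],
                         record["sector"], record["text"])
        if source == "social":
            ts, category, sector, detail = record.split(",", 3)
            return Event(_utc(ts, "%Y-%m-%d %H:%M:%S"), source, "physical",
                         category, sector, detail)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return None  # unknown collector


def run_funnel(raw, pir):
    """Return stage counts plus the grouped information for an analyst."""
    noise = list(raw)                                   # everything collected
    events = [e for e in (normalize(s, r) for s, r in noise) if e is not None]
    # Data: scrub items that do not apply to the PIR.
    data = [e for e in events
            if e.sector == pir.sector and e.category in pir.categories]
    groups = defaultdict(list)                          # group by characteristic
    for event in sorted(data, key=lambda e: e.when):
        groups[event.category].append(event)
    # Information: data with a purpose, i.e. tied to the PIR question.
    information = [
        {"pir": pir.question, "category": category,
         "kinds": sorted({e.kind for e in evs}),
         "first_seen": evs[0].when.isoformat(),
         "count": len(evs), "details": [e.detail for e in evs]}
        for category, evs in sorted(groups.items())
    ]
    return {"noise": len(noise), "unparsed": len(noise) - len(events),
            "data": len(data), "information": information}


if __name__ == "__main__":
    result = run_funnel(RAW, PIR_EXAMPLE)
    print(result["noise"], "collected,", result["data"], "kept")
    for item in result["information"]:
        print(item["first_seen"], item["category"], item["kinds"], item["count"])
```

The output is a queue for the analyst: correlating the digital and physical groups into an assessment is the step the funnel reserves for people.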
Distinguishing Intelligence from Information
A number of security threat intelligence vendors really stop at the “data” or
“information” phase of the intelligence funnel process, but still call the information
delivered threat intelligence. There are definable differences between information and
intelligence.
Information: An exploit for a zero-day Java vulnerability is publicly released
on a security mailing list. Shortly thereafter, malware is identified utilizing
the vulnerability. Security vendors notify clients of this threat and provide
recommendations for mitigation. This is threat information (and it is likely very
useful information), but by definition, is not threat intelligence.
Intelligence: A security vendor monitoring exploitation of the Java vulnerability
notices infection rates in Asia are much higher than in the U.S. New strains of
malware, which install code associated with a botnet command and control
system on victim devices, are being observed in the wild. At the same time, a large
financial institution has announced the acquisition of a number of smaller, regional
banks, surging stock prices and, at the same time, initiating an increase in their
non-sufficient funds fee from $20 to $35, thereby angering consumers. A number
of hacktivist groups begin discussing a protest against the U.S. banking system
on Twitter and other social media sites, promising to halt online transactions for a
day at major institutions. One hacktivist Twitter account posts instructions for using
botnet command and control software, which appears to be related to the botnet
client code installed by the Java malware.
Piecing these data points together leads to a clearer picture: U.S. banks are likely
going to be targeted with a DDoS (Distributed Denial of Service) attack by a hacktivist
group using botnets based on the Java vulnerability. Based on what is known about
infection profiles, banks can expect the attacks to originate from Asian source IP
addresses. This is threat intelligence – information gathered from a number of disparate
sources, synthesized by human analysts to identify a specific threat to a specific target.
Threat Intelligence Collection
Targeted attacks, zero-day vulnerabilities and malware exploit kits are areas of concern
for many organizations. However, most organizations simply do not have the resources
or expertise necessary to independently research and evaluate these threats, much less
determine how relevant the threat is for their organization.
Threat intelligence services are often used as a form of outsourced capability, providing
organizations with access to expertise and resources on advanced security topics,
which they might not otherwise be able to afford. Qualified threat intelligence personnel
have undergone extensive training, possess specialized toolkits and understand the
mindset and approach of modern attackers. They are also adept at data mining from
relevant collection sources as illustrated in Figure 4 below.
Figure 4 ⁵
Distinguishing Characteristics of Intelligence Events
Indicator Events and Incident Events – In the intelligence lexicon, “events” are raw data
that analysts use to forecast an increased or decreased risk of a threat. These events
are used to identify the key indicators of change to the risk environment which have
already occurred or may occur in the future.
⁵ Source: http://www.netswitch.net/what-is-threat-intelligence-and-what-should-you-do-about-it/
Figure 5
These are the specific pieces of data which can be used to identify elevated risk of
a threat or to fingerprint an attack. Both indicator events and incident events may
be technical (digital) or non-technical (physical) in nature and are used to identify the
environmental factors surrounding a latent or manifest threat or an attack. These can
include:
Physical – Class action lawsuits, legislation or lobbying efforts to effect legislation,
cancellation of a license, political donations, controversial statements by
key personnel made publicly or privately on personal social media accounts,
purchasing of large swaths of key real estate, unpopular policy changes, layoffs,
mergers or acquisitions, environmental damage, moving of headquarters, store
closings or openings in certain demographic or economic centers, etc.
Digital – Numerous failed password attempts, buffer overflow, port scanning,
phishing campaigns, increased SQL queries, URLs, file names, file extensions, file
hashes, services or executables, command sequences, HTTP requests, registry
settings, protocols and ports used, etc.
The Information that Threat Intelligence Provides
The end result of the threat intelligence process is to answer the following questions for
stakeholders:
Threats – What are current threats of which the organization must be aware?
Cyberthreats faced by organizations fall into a unique category because, by nature,
they are both nebulous and asymmetric. Nebulous is the irregular and elusive
characteristic of the digital environment, while asymmetric relates to the great
imbalance of power between the threat actor and target with an unknown range of
tactics which can be deployed.
Threat Actors – Who/what/where are the groups/people behind specific threats?
What are their capabilities, motivations, goals, area(s) of operation, history of
activity?
Targets – Who is being targeted by these threats? Are threats based on geography,
politics, or industry? What are the characteristics of organizations or groups likely
to be targeted?
Methods and Tactics – What are the tactical approaches being taken by attackers?
What is the threat designed to do? What is its focus? What tools and infrastructure
are being used? What are the technologies, versions and user types being
targeted? How are the attacks being delivered to targets?
Countermeasures – What actions can organizations take to respond to specific
threats? Threat countermeasures can include: intrusion detection system
signatures, anti-virus signatures, ports/protocols to block or other responsive
actions which can be taken to help protect organizations from identified specific
threats.
The Importance of Threat Intelligence in Information Security
There are four principal reasons threat intelligence is becoming recognized as a critical
information security requirement:
1. The fundamental changes in the types of security threats organizations must
defend against and the understanding that the attack surface encompasses far
more than a narrowly defined technical parameter.
2. The ability to access and utilize resources and expertise organizations might
otherwise not be able to afford.
3. The sheer volume of security vulnerabilities and attack vectors to which
organizations must respond.
4. The continuously expanding spectrum of technologies and environments
organizations must protect.
Change in Cyberthreat Profiles
Risk and threat profiles have changed dramatically in recent years. Cyberthreat
actors are no longer idiosyncratic or dissident individuals and groups. They now
include nation-state actors or sponsored groups, as well as transnational organized
crime groups with considerable resources, support and expertise at their disposal.
These attackers often work together and share or sell tools designed to compromise
targets. These attackers also have time and resources to search for vulnerabilities in
organizational environments. Conversely, those tasked with defending organizations
often have limited resources and budgets to launch an adequate defense, hence the
asymmetric nature of the threat.
The steady rise in documented data loss incidents shown in Figure 6 provides evidence
that current attacks are increasingly successful.
Figure 6: Documented Data Loss Incidents by Year, from http://datalossdb.org/statistics
For this reason, many organizations are turning to threat intelligence services to help
identify threat actors who are targeting their environments and to identify appropriate
responses and mechanisms which can be used to help defend against these attacks.
The Volume of Information Security Vulnerabilities
The sheer volume of data which information security personnel analyze can be
overwhelming. Organizations must react to a daily influx of vulnerabilities, zero-day
threats, malware, exploit kits, botnets, Advanced Persistent Threats (APT) and targeted
attacks.
The number of Common Vulnerabilities and Exposures (CVEs) identified every year for
the last 15 years is shown in the graph below – over 4,000 new security vulnerabilities
have been identified annually since 2005.
Figure 7: Number of Common Vulnerabilities (CVEs) Issued by Year, from http://web.nvd.nist.gov/view/vuln/statistics
The rate of malware identification has also increased in recent years, as shown in Figure
8. It also documents a dramatic rise in the amount of new malware identified annually
since 2011.
Figure 8: New Malware Identified by Year, adapted from http://www.av-test.org/en/statistics/malware/
It is impossible for most organizations to effectively defend themselves against all
conceivable vulnerabilities and malware variants. Threat intelligence, however, can help
organizations understand exploits and malware active in the wild, being exploited in a
particular geographic region or used by threat actor groups targeting specific industry
sectors. Intelligence about threats targeted to an organization’s environment can assist
in the prioritization of remediation actions, so that mitigation efforts and resources are
directed to areas with the greatest need and defensive value.
Technology Growth and Usage Changes
Another driver for threat intelligence services is the evolution and expansion of
technologies used in modern computing environments. The number of technologies
in place at most organizations is dramatically higher than it was even two or three
years ago. Bring Your Own Device (BYOD) initiatives, remote workers joining corporate
networks via VPNs on personal devices, pervasive wireless networking, and the
increasing use of virtualization and cloud computing have all dramatically increased the
technologies in use within typical organizational environments. New technologies don’t
typically replace legacy technologies – they are most often an addition, resulting in a net
increase to the organization’s attack surface and vulnerabilities found within.
With these changes in technologies – the use of BYOD, remote users, virtualization,
cloud computing – homogeneous organizational networks with defined perimeters
no longer exist. A heterogeneous, distributed user and technology base is the new
standard. This new reality comes with more complexities and more potential risks.
Threat intelligence can help organizations understand emerging threats against this new
architectural reality.
What Do Different Organizations Expect from Threat Intelligence?
Every organization has different information security priorities, assets to protect,
levels of expertise, and varying types of security technology. As a result, different
organizations can have different perceptions, needs, and expectations of threat
intelligence services. Factors influencing organizational threat intelligence needs
include:
• Organization size.
• Organization alignment with government, retail, and other vertical markets.
• Organization dependencies, including supply chain, business partners, third-party
suppliers, cloud providers, et al.
• Number, sophistication and capabilities of the organization’s information security
resources.
• The organization’s risk posture, and likelihood of being targeted by:
  • Nation-state actors/APT for political, economic or intellectual property reasons.
  • Transnational organized crime, for financial purposes.
  • Hacktivists/attention seekers, looking to embarrass the organization.
Organizations with limited public exposure, not storing or transmitting the types of data
typically desired by attackers, are likely to have different threat intelligence needs than
organizations which are highly visible in the public sphere, maintaining highly desirable
data or are associated with controversial topics.
Low-profile organizations may be interested in using threat intelligence to help answer
the following questions:
• What key developments are happening in the physical environment surrounding the
organization that are acting as possible catalysts for digital threats?
• Does the organization have a plan of action if its IP or confidential information
is publicly disclosed? What are the ramifications? How does the organization
proceed?
• What is the organization’s greatest fear? What is the one thing the organization or
management does not want to read about or see on TV? Does the organization
have steps to prevent or eradicate such activity?
• Are any competitors coincidentally (or deliberately) coming to market with a new
product or idea at the same time the organization is? Is there any indication that
they used some of the organization’s intellectual property (IP)?
• Are there vulnerabilities and malware being actively exploited in the wild, which may
be applicable to the organization’s environment? What countermeasures should be
actively taken to protect against those threats?
• Is there any potentially sensitive data about the organization or its users being
posted online? This could include things like acquisition or merger information,
target markets, target clients, proposals, contracts or other business strategy.
• Are negative comments being posted about the organization online? If so, what is
the basis of the comments?
• Are there any similar competing products which seem to be copies of the
organization’s IP? How did some other organization get the information to do this?
• Does any of the organization’s technical IP appear online or associated with a
competing organization? This includes specific IP associated with the organization,
like source code, product designs, engineering documents, blueprints,
specifications and related technical information.
By contrast, an international organization involved in highly-political industries may
require targeted intelligence on topics such as:
• Is the organization being targeted by activist groups or other attackers? If so, who
is targeting the organization, and why? What is the level of sophistication of these
groups?
• Have any competitors or industry peer groups been recently targeted? Who is
conducting these attacks? What are the technologies being attacked and what
attack vectors are being utilized? Have any of these targeted organizations
been successful at mitigating these attacks? If so, how?
• Are there any potential cyberthreats associated with upcoming economic or
industry conferences or events which the organization would take part in? If so,
provide an overview of potential cyberthreats associated with this event, and
precautions that should be taken.
• Does the organization have non-disclosure agreements (NDAs) or safeguards in
place to prevent industrial espionage?
• Is there an agreed-upon security policy between all contractors and third-party
organizations with which the organization does business?
Conclusion
The terms intelligence, cyberintelligence and cyberthreat intelligence have been used
extensively and interchangeably, and often incorrectly, in the information security
community. They have been used quite inaccurately to describe automated indicator
data feed services or data that may be used to further identify and mitigate threats.
However, the very specific nature of each of these terms builds on the fundamental
understanding of what true intelligence is and how it is derived. It is important to align
security industry terminology with that of the traditional intelligence community for a
unified understanding.
The cyberlandscape is the new Wild West. The rate at which technology evolves is
accelerating faster than the rate of technology incorporation within government or
security, and that gap will only widen if these issues are not addressed thoroughly
and holistically. The broad spectrum, which encompasses cyberintelligence, has been
severely limited to only its technical capacity of both attacker and target. This ignores
its greater capability to give a 360-degree perspective of the other critical facets of an
organization’s environment and outward presence in the physical domain.
When intelligence is understood and utilized properly, great value can be realized. It
can be a powerful forecasting and analytical tool by identifying emerging and targeted
threats and guiding an organization’s approach and response to real threats on
strategic, operational and tactical levels. Actionable threat intelligence is the result of a
rigorous process, with defined goals and targets in mind.
The changes to the cybersecurity landscape over the last several years have been the
primary driver in the need for threat intelligence services. As organizations seek new
sources of threat intelligence, they need to be aware of the differences in the types
of intelligence being delivered by the security industry. This paper was written to help
the reader gain a nuanced understanding of the core concepts of intelligence as the
intelligence community defi nes it and to help differentiate the threat intelligence services
being offered in the industry today.
Solutionary.com
Solutionary, Inc.
9420 Underwood Avenue
Omaha, NE 68114
ActiveGuard® US Patent Numbers: 7,168,093; 7,424,743; 6,988,208; 7,370,359; 7,673,049; 7,954,159; 8,261,347. Canadian Patent No. 2,436,096. Solutionary, the Solutionary logo, ActiveGuard, the ActiveGuard logo, are registered trademarks or service marks of Solutionary, Inc. in the United States. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright ©2015 Solutionary, Inc.
About SERT
The Solutionary Security Engineering Research Team (SERT) protects and informs
Solutionary clients through security threat research, vulnerability analysis and the
development of effective countermeasures. For more information visit
www.solutionary.com to learn more about SERT services, read SERT research or sign
up to receive the Solutionary Minds blog.
About Solutionary
Solutionary, an NTT Group security company (NYSE: NTT), is the next generation
managed security services provider (MSSP), focused on delivering managed
security services and global threat intelligence. Comprehensive Solutionary security
monitoring and security device management services protect traditional and virtual
IT infrastructures, cloud environments and mobile data. Solutionary clients are able
to optimize current security programs, make informed security decisions, achieve
regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard®
service platform uses multiple detection technologies and advanced analytics to
protect against advanced threats. The Solutionary Security Engineering Research
Team (SERT) researches the global threat landscape, providing actionable threat
intelligence, enhanced threat detection and mitigating controls. Experienced, certified
Solutionary security experts act as an extension of clients’ internal teams, providing
industry-leading client service to global enterprise and mid-market clients in a wide
range of industries, including financial services, healthcare, retail and government.
Services are delivered 24/7 through multiple state-of-the-art Security Operations
Centers (SOCs).
For more information, visit www.solutionary.com