Threat Intelligence Defined

Threat Intelligence Defined White Paper (866) 333-2133 www.solutionary.com

Contents

• Introduction
• What is Threat Intelligence?
• The Core Intelligence Disciplines
• The Intelligence Cycle
• The Intelligence Funnel
• Distinguishing Intelligence from Information
• Threat Intelligence Collection
• Distinguishing Characteristics of Intelligence Events
• The Information that Threat Intelligence Provides
• The Importance of Threat Intelligence in Information Security
• Change in Cyberthreat Profiles
• The Volume of Information Security Vulnerabilities
• Technology Growth and Usage Changes
• What Do Different Organizations Expect from Threat Intelligence?
• Conclusion
• About SERT
• About Solutionary

Introduction

The term “threat intelligence” rapidly emerged onto the information security landscape over the last several years, and many security vendors now offer threat intelligence services to customers. Since there is no standard industry definition of threat intelligence, not everyone is defining it the same way. As a result, the term threat intelligence is so broadly used in the security industry that the true definition of “intelligence” is sometimes lost. Some threat intelligence services being offered in the market today are not offering true intelligence at all – they are simply offering access to minimally analyzed (or even raw) data.

This Solutionary white paper provides readers with an introduction to the fundamentals of intelligence and, by extension, threat intelligence. The key objectives of this white paper are to:

• Align industry definitions of intelligence with those of the traditional intelligence community (IC), so there is a unified understanding moving forward.
• Clearly define what intelligence is, the core disciplines within it, the current evolution of cyberintelligence and its offspring: cyberthreat intelligence.
• Document the steps in the intelligence process necessary to transform raw data into intelligence.
• Provide an accurate foundation and understanding for readers who are considering commercial threat intelligence services.
• Discuss the influences behind the growth of threat intelligence services.

“When everything is intelligence - nothing is intelligence”
- Wilhelm Agrell, The Sherman Kent Center for Intelligence Analysis

What is Threat Intelligence?

The Central Intelligence Agency’s definition of intelligence [1] highlights the key components of threat intelligence:

Reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us. The prelude to decision and action by U.S. policy makers. Intelligence organizations provide this information in a fashion that helps consumers, either civilian leaders or military commanders, to consider alternative options and outcomes. The intelligence process involves the painstaking and generally tedious collection of facts, their analysis, quick and clear evaluations, production of intelligence assessments, and their timely dissemination to consumers. Above all, the analytical process must be rigorous, timely, and relevant to policy needs and concerns.

The goal of commercial threat intelligence is to deliver capabilities similar to those provided by the IC. However, instead of providing military or political intelligence to government stakeholders, the current focus within the information security industry is to deliver threat intelligence to an organization’s stakeholders about digital threats to their enterprise systems.

This threat intelligence, and the values associated with it, is often linked to what can be satisfied by specific intelligence goals, also referred to as Priority Intelligence Requirements (PIR). PIR can be thought of as specific use cases for information collection to satisfy an intelligence goal.

Sometimes the term “threat intelligence” is a misnomer, often defined as data or data feeds related to potential cyberthreats. This definition greatly oversimplifies both the types of intelligence that should be gathered as part of an intelligence offering, as well as the process required to transform raw data into actionable intelligence for consumers. Cyberthreat intelligence is a great deal more than that. It is meant to be an interdisciplinary and holistic approach allowing for the delivery of a comprehensive and true intelligence product, providing value on multiple levels for stakeholders.

It gleans data from both the physical (PESTLE, STEEPLED) [2] and digital environments that surround an organization and takes into account the broader attack surface.

To illustrate the point: within intelligence circles there is a small but growing evolution of alliances, limited partnerships and multi-tiered contracts between physical and cyberworld threat actors. Many transnational criminal organizations are exceptionally good at environmental scanning in search of new criminal enterprises. Cyberthreat intelligence is uniquely poised to address these factors.

[1] CIA consumer’s guide to intelligence (CIA, Washington, DC, Sep. 1993, updated Feb. 1994) – emphasis (underlining) by Solutionary

[2] PESTLE (Political, Economic, Social, Technological, Legal, Environmental) and STEEPLED (Social, Technological, Economic, Environmental, Political, Legal, Ethical and Demographic) factor analysis.

The Core Intelligence Disciplines

Intelligence is a tradecraft. It is composed of methodologies and techniques that can be applied across all industry verticals. Its collection consists of five core disciplines and their subdisciplines. The IC distinguishes intelligence disciplines based on their intended use and the collection source. Descriptions of the five intelligence disciplines are presented below.

1. Human Intelligence (HUMINT) – HUMINT is defined as the collection of information from a human source. The source may possess either first- or second-hand knowledge, normally obtained through sight, hearing or activity. It can encompass threat, neutral or friendly military and civilian personnel.

2. Open Source Intelligence (OSINT) – OSINT explores, exploits and enhances generally-available public information. Data mining and advanced search techniques are extremely important due to the extraordinary volume of available information. This includes sources like television and radio broadcasts, books, newspapers and the Internet.

3. Signals Intelligence (SIGINT) – SIGINT is defined as the collection and exploitation of signals transmitted from communication systems, radar and weapon systems. The results from SIGINT are derived from collecting, locating, processing, analyzing and reporting intercepted communications and non-communications emitters. SIGINT is subdivided into Electronic Intelligence (ELINT) and Communications Intelligence (COMINT).

4. Imagery Intelligence (IMINT) – IMINT is geospatial information collected and processed by a variety of terrestrial, airborne or satellite-based collectors.

5. Measurement and Signature Intelligence (MASINT) – MASINT is a technical branch of intelligence that uses information gathered by technical instruments such as radars, lasers, passive electro-optical sensors, seismic and other sensors to measure objects or events to identify them by their signatures. This includes the ability to discretely tag a person, place or thing due to unique signatures. This also includes acoustic, nuclear, chemical and biological intelligence.

It is important to include key stakeholders in the decision-making process since management makes decisions for the policies and budgets allocated for security.

Figure 1

Distinguishing Cyberintelligence

Cyberintelligence (CYINT) is not one of the core intelligence disciplines, but rather a newly-evolving hybrid field that can consist of any combination, or all, of the five core disciplines. Although it can be used as a key component of cybersecurity, cyberintelligence operates independently of the cybersecurity mission and supports a variety of operations across every sector of government and industry.

It is critical for organizations to recognize the broader capabilities of this rapidly-emerging field of intelligence, and how it can be used beyond identifying cyberthreat actors, technical data about vulnerabilities, malware or IP reputation data. Cyberintelligence goes beyond these narrow parameters and encompasses the analysis of actions and events associated with an organization’s physical environment (PESTLE/STEEPLED), which can lead to forecasting digital threats.

The Intelligence Cycle

The intelligence cycle consists of the following phases, as shown in figure 2:

1. Planning, Requirements and Direction – Planning and direction for intelligence gathering includes management of the entire intelligence effort, from Priority Intelligence Requirements (consumer [3] guidance and further identification of needs) to the final intelligence product. [4]

2. Collection – Following the established direction, the threat intelligence service gathers potentially useful raw data from relevant sources.

3. Processing – The collected data is consolidated into a standardized format suitable for detailed analysis.

4. Analysis and Production – The gathered data is analyzed by subject matter experts to identify potential threats to customer environments. Countermeasures to respond to identified threats may also be developed in this step.

5. Dissemination – The intelligence analysis is distributed to consumers so that appropriate protective measures can be taken.

[3] Consumer – includes those stakeholders who will consume the product, not only those who purchased the product.

[4] Intelligence product – reports, bulletins or assessments.

Figure 2

The Intelligence Funnel

Intelligence is not found as a complete product natively, but is derived from a structured, rigorous process of identifying noise and data which contain information that can help meet the goals of a specific PIR. This is ultimately analyzed and evaluated. If it meets requirements, it is converted into an intelligence product which is delivered to the intelligence consumer.

The basic context is that management knows the business, the analyst knows security and they need to work together to define the best result.

Figure 2 panel labels (the intelligence cycle): Consumer Needs – Planning, Requirements & Direction; Raw Information Collected Based on Requirements; Information Processed & Exploited; Intelligence Analysis & Production; Dissemination of Product to Consumer.

Figure 3

Noise is composed of everything that is collected according to the PIR.

Data remains after noise is filtered and non-applicable items are removed (scrubbed). Remaining artifacts are grouped according to defining characteristics.

Information is data with a purpose. Once it is assigned a purpose it becomes information.

Intelligence is information with a strategic purpose that can be used to gain an advantage. Intelligence development is exclusively a human-centered activity.

Actionable Intelligence is intelligence-led, evidence-based assessments which can be initiated, acted upon and provide clear results, supporting the PIR.
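
The automatable stages of the funnel described above (noise to data to information), as an added example that is not from the white paper or from Solutionary. The `PIR` and `Event` types, the keyword-matching rule, the physical/digital labels on each sample event and the sample events themselves (modelled on the bank scenario the paper uses later) are assumptions made for illustration; the code stops at a ranked worklist because the step from information to intelligence is left to the analyst.

```python
"""Funnel stages up to 'information'. Added illustration, not Solutionary code."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PIR:
    """Priority Intelligence Requirement (field names are hypothetical)."""
    pir_id: str
    question: str
    keywords: tuple  # analyst-chosen terms that make an item applicable


@dataclass(frozen=True)
class Event:
    source: str  # collection source label (constructed)
    domain: str  # "physical" or "digital", the paper's two event classes
    text: str


def scrub(noise, pir):
    """Noise -> data: drop duplicates and items not applicable to the PIR."""
    seen, data = set(), []
    for ev in noise:
        lowered = ev.text.lower()
        # Plain substring matching is an assumption; real pipelines normalize more.
        terms = [k for k in pir.keywords if k in lowered]
        if not terms or (ev.domain, lowered) in seen:
            continue
        seen.add((ev.domain, lowered))
        data.append((ev, terms))
    return data


def group(data):
    """Group remaining artifacts by defining characteristics (domain, term)."""
    groups = defaultdict(list)
    for ev, terms in data:
        for term in terms:
            groups[(ev.domain, term)].append(ev)
    return dict(groups)


def to_information(groups, pir):
    """Data -> information: each group is assigned its purpose, the PIR."""
    return [
        {"pir": pir.pir_id, "domain": domain, "term": term,
         "count": len(events), "sources": sorted({e.source for e in events})}
        for (domain, term), events in sorted(groups.items())
    ]


def analyst_worklist(information):
    """Rank terms for human review: cross-domain first, then by source count."""
    merged = defaultdict(lambda: {"domains": set(), "sources": set(), "count": 0})
    for item in information:
        entry = merged[item["term"]]
        entry["domains"].add(item["domain"])
        entry["sources"].update(item["sources"])
        entry["count"] += item["count"]
    rows = [
        {"term": term, "domains": sorted(e["domains"]),
         "sources": sorted(e["sources"]), "count": e["count"],
         "cross_domain": len(e["domains"]) > 1}
        for term, e in merged.items()
    ]
    rows.sort(key=lambda r: (-len(r["domains"]), -len(r["sources"]), r["term"]))
    return rows


def run_funnel(noise, pir):
    """Run the automatable stages; analysis of the worklist stays with people."""
    return analyst_worklist(to_information(group(scrub(noise, pir)), pir))


# Constructed sample input, loosely following the bank scenario in this paper.
PIR_1 = PIR("PIR-1", "Is a DDoS campaign against U.S. banks likely?",
            ("bank", "botnet", "ddos"))
NOISE = [
    Event("sensor:av-telemetry", "digital",
          "Java exploit dropping botnet client, infections concentrated in Asia"),
    Event("sensor:av-telemetry", "digital",
          "Java exploit dropping botnet client, infections concentrated in Asia"),
    Event("osint:news", "physical",
          "Large bank raises non-sufficient funds fee from $20 to $35"),
    Event("osint:social", "physical",
          "Hacktivist account calls for protest against U.S. bank websites"),
    Event("osint:social", "physical",
          "Hacktivist account posts instructions for botnet control software"),
    Event("osint:news", "physical", "Local sports team wins championship"),
    Event("sensor:ids", "digital", "Port scanning against the printer VLAN"),
]

if __name__ == "__main__":
    for row in run_funnel(NOISE, PIR_1):
        print(row)
```

The `cross_domain` flag only marks where physical and digital events share a term; deciding whether that link means anything for the PIR is the analyst's call.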

Distinguishing Intelligence from Information

A number of security threat intelligence vendors really stop at the “data” or “information” phase of the intelligence funnel process, but still call the information delivered threat intelligence. There are definable differences between information and intelligence.

Information: An exploit for a zero-day Java vulnerability is publicly released on a security mailing list. Shortly thereafter, malware is identified utilizing the vulnerability. Security vendors notify clients of this threat and provide recommendations for mitigation. This is threat information (and it is likely very useful information), but by definition, is not threat intelligence.

Intelligence: A security vendor monitoring exploitation of the Java vulnerability notices infection rates in Asia are much higher than in the U.S. New strains of malware, which install code associated with a botnet command and control system on victim devices, are being observed in the wild. At the same time, a large financial institution has announced the acquisition of a number of smaller, regional banks, surging stock prices and, at the same time, initiating an increase in their non-sufficient funds fee from $20 to $35, thereby angering consumers. A number of hacktivist groups begin discussing a protest against the U.S. banking system on Twitter and other social media sites, promising to halt online transactions for a day at major institutions. One hacktivist Twitter account posts instructions for using botnet command and control software, which appears to be related to the botnet client code installed by the Java malware.

Piecing these data points together leads to a clearer picture: U.S. banks are likely going to be targeted with a DDoS (Distributed Denial of Service) attack by a hacktivist group using botnets based on the Java vulnerability. Based on what is known about infection profiles, banks can expect the attacks to originate from Asian source IP addresses. This is threat intelligence – information gathered from a number of disparate sources, synthesized by human analysts to identify a specific threat to a specific target.

Threat Intelligence Collection

Targeted attacks, zero-day vulnerabilities and malware exploit kits are areas of concern for many organizations. However, most organizations simply do not have the resources or expertise necessary to independently research and evaluate these threats, much less determine how relevant the threat is for their organization.

Threat intelligence services are often used as a form of outsourced capability, providing organizations with access to expertise and resources on advanced security topics, which they might not otherwise be able to afford. Qualified threat intelligence personnel have undergone extensive training, possess specialized toolkits and understand the mindset and approach of modern attackers. They are also adept at data mining from relevant collection sources as illustrated in figure 4 below.

Figure 4 [5]

[5] Source: http://www.netswitch.net/what-is-threat-intelligence-and-what-should-you-do-about-it/

Distinguishing Characteristics of Intelligence Events

Indicator Events and Incident Events – In the intelligence lexicon, “events” are raw data that analysts use to forecast an increased or decreased risk of a threat. These events are used to identify the key indicators of change to the risk environment which have already occurred or may occur in the future.

Figure 5

These are the specific pieces of data which can be used to identify elevated risk of a threat or to fingerprint an attack. Both indicator events and incident events may be technical (digital) or non-technical (physical) in nature and are used to identify the environmental factors surrounding a latent or manifest threat or an attack. These can include:

Physical – Class action lawsuits, legislation or lobbying efforts to effect legislation, cancellation of a license, political donations, controversial statements by key personnel made publicly or privately on personal social media accounts, purchasing of large swaths of key real estate, unpopular policy changes, layoffs, mergers or acquisitions, environmental damage, moving of headquarters, store closings or openings in certain demographic or economic centers, etc.

Digital – Numerous failed password attempts, buffer overflow, port scanning, phishing campaigns, increased SQL queries, URLs, file names, file extensions, file hashes, services or executables, command sequences, HTTP requests, registry settings, protocols and ports used, etc.

The Information that Threat Intelligence Provides

The end result of the threat intelligence process is to answer the following questions for stakeholders:

Threats – What are current threats of which the organization must be aware? Cyberthreats faced by organizations fall into a unique category because, by nature, they are both nebulous and asymmetric. Nebulous is the irregular and elusive characteristic of the digital environment, while asymmetric relates to the great imbalance of power between the threat actor and target with an unknown range of tactics which can be deployed.

Threat Actors – Who/what/where are the groups/people behind specific threats? What are their capabilities, motivations, goals, area(s) of operation, history of activity?

Targets – Who is being targeted by these threats? Are threats based on geography, politics, or industry? What are the characteristics of organizations or groups likely to be targeted?

Methods and Tactics – What are the tactical approaches being taken by attackers? What is the threat designed to do? What is its focus? What tools and infrastructure are being used? What are the technologies, versions and user types being targeted? How are the attacks being delivered to targets?

Countermeasures – What actions can organizations take to respond to specific threats? Threat countermeasures can include: intrusion detection system signatures, anti-virus signatures, ports/protocols to block or other responsive actions which can be taken to help protect organizations from identified specific threats.

The Importance of Threat Intelligence in Information Security

There are four principal reasons threat intelligence is becoming recognized as a critical information security requirement:

1. The fundamental changes in the types of security threats organizations must defend against and the understanding that the attack surface encompasses far more than a narrowly defined technical parameter.

2. The ability to access and utilize resources and expertise organizations might otherwise not be able to afford.

3. The sheer volume of security vulnerabilities and attack vectors to which organizations must respond.

4. The continuously expanding spectrum of technologies and environments organizations must protect.

Change in Cyberthreat Profiles

Risk and threat profiles have changed dramatically in recent years. Cyberthreat actors are no longer idiosyncratic or dissident individuals and groups. They now include nation-state actors or sponsored groups, as well as transnational organized crime groups with considerable resources, support and expertise at their disposal. These attackers often work together and share or sell tools designed to compromise targets. These attackers also have time and resources to search for vulnerabilities in organizational environments. Conversely, those tasked with defending organizations often have limited resources and budgets to launch an adequate defense, hence the asymmetric nature of the threat.

The steady rise in documented data loss incidents shown in figure 6 provides evidence that current attacks are increasingly successful.

Documented Data Loss Incidents by Year, from http://datalossdb.org/statistics

Figure 6

For this reason, many organizations are turning to threat intelligence services to help identify threat actors who are targeting their environments and to identify appropriate responses and mechanisms which can be used to help defend against these attacks.

The Volume of Information Security Vulnerabilities

The sheer volume of data which information security personnel analyze can be overwhelming. Organizations must react to a daily influx of vulnerabilities, zero-day threats, malware, exploit kits, botnets, Advanced Persistent Threats (APT) and targeted attacks.

The number of Common Vulnerabilities and Exposures (CVEs) identified every year for the last 15 years is shown in the graph below – over 4,000 new security vulnerabilities have been identified annually since 2005.

Number of Common Vulnerabilities (CVEs) Issued by Year, from http://web.nvd.nist.gov/view/vuln/statistics

Figure 7

The rate of malware identification has also increased in recent years, as shown in figure 8. It also documents a dramatic rise in the amount of new malware identified annually since 2011.

New Malware Identified by Year, adapted from http://www.av-test.org/en/statistics/malware/

Figure 8

It is impossible for most organizations to effectively defend themselves against all conceivable vulnerabilities and malware variants. Threat intelligence, however, can help organizations understand exploits and malware active in the wild, being exploited in a particular geographic region or used by threat actor groups targeting specific industry sectors. Intelligence about threats targeted to an organization’s environment can assist in the prioritization of remediation actions, so that mitigation efforts and resources are directed to areas with the greatest need and defensive value.

Technology Growth and Usage Changes

Another driver for threat intelligence services is the evolution and expansion of technologies used in modern computing environments. The number of technologies in place at most organizations is dramatically higher than it was even two or three years ago. Bring Your Own Device (BYOD) initiatives, remote workers joining corporate networks via VPNs on personal devices, pervasive wireless networking, and the increasing use of virtualization and cloud computing have all dramatically increased the technologies in use within typical organizational environments. New technologies don’t typically replace legacy technologies – they are most often an addition, resulting in a net increase to the organization’s attack surface and vulnerabilities found within.

With these changes in technologies – the use of BYOD, remote users, virtualization, cloud computing – homogeneous organizational networks with defined perimeters no longer exist. A heterogeneous, distributed user and technology base is the new standard. This new reality comes with more complexities and more potential risks. Threat intelligence can help organizations understand emerging threats against this new architectural reality.

What Do Different Organizations Expect from Threat Intelligence?

Every organization has different information security priorities, assets to protect, levels of expertise, and varying types of security technology. As a result, different organizations can have different perceptions, needs, and expectations of threat intelligence services. Factors influencing organizational threat intelligence needs include:

• Organization size.
• Organization alignment with government, retail, and other vertical markets.
• Organization dependencies, including supply chain, business partners, third-party suppliers, cloud providers, et al.
• Number, sophistication and capabilities of the organization’s information security resources.
• The organization’s risk posture, and likelihood of being targeted by:
    • Nation-state actors/APT for political, economic or intellectual property reasons.
    • Transnational organized crime, for financial purposes.
    • Hacktivists/attention seekers, looking to embarrass the organization.

Organizations with limited public exposure, not storing or transmitting the types of data typically desired by attackers, are likely to have different threat intelligence needs than organizations which are highly visible in the public sphere, maintaining highly desirable data or are associated with controversial topics.

Low-profile organizations may be interested in using threat intelligence to help answer the following questions:

• What key developments are happening in the physical environment surrounding the organization that are acting as possible catalysts for digital threats?
• Does the organization have a plan of action if its IP or confidential information is publicly disclosed? What are the ramifications? How does the organization proceed?
• What is the organization’s greatest fear? What is the one thing the organization or management does not want to read about or see on TV? Does the organization have steps to prevent or eradicate such activity?
• Are any competitors coincidentally (or deliberately) coming to market with a new product or idea at the same time the organization is? Is there any indication that they used some of the organization’s intellectual property (IP)?
• Are there vulnerabilities and malware being actively exploited in the wild, which may be applicable to the organization’s environment? What countermeasures should be actively taken to protect against those threats?
• Is there any potentially sensitive data about the organization or its users being posted online? This could include things like acquisition or merger information, target markets, target clients, proposals, contracts or other business strategy.
• Are negative comments being posted about the organization online? If so, what is the basis of the comments?
• Are there any similar competing products which seem to be copies of the organization’s IP? How did some other organization get the information to do this?
• Does any of the organization’s technical IP appear online or associated with a competing organization? This includes specific IP associated with the organization, like source code, product designs, engineering documents, blueprints, specifications and related technical information.

By contrast, an international organization involved in highly-political industries may require targeted intelligence on topics such as:

• Is the organization being targeted by activist groups or other attackers? If so, who is targeting the organization, and why? What is the level of sophistication of these groups?
• Have any competitors or industry peer groups been recently targeted? Who is conducting these attacks? What are the technologies being attacked and what attack vectors are being utilized? Have any of these targeted organizations been successful at mitigating these attacks? If so, how?
• Are there any potential cyberthreats associated with upcoming economic or industry conferences or events which the organization would take part in? If so, provide an overview of potential cyberthreats associated with this event, and precautions that should be taken.
• Does the organization have non-disclosure agreements (NDAs) or safeguards in place to prevent industrial espionage?
• Is there an agreed-upon security policy between all contractors and third-party organizations with which the organization does business?

Conclusion

The terms intelligence, cyberintelligence and cyberthreat intelligence have been used extensively and interchangeably, and often incorrectly, in the information security community. They have been used quite inaccurately to describe automated indicator data feed services or data that may be used to further identify and mitigate threats. However, the very specific nature of each of these terms builds on the fundamental understanding of what true intelligence is and how it is derived. It is important to align security industry terminology with that of the traditional intelligence community for a unified understanding.

The cyberlandscape is the new Wild West. The rate at which technology evolves is accelerating faster than the rate of technology incorporation within government or security, and that gap will only widen if these issues are not addressed thoroughly and holistically. The broad spectrum, which encompasses cyberintelligence, has been severely limited to only its technical capacity of both attacker and target. This ignores its greater capability to give a 360-degree perspective of the other critical facets of an organization’s environment and outward presence in the physical domain.

When intelligence is understood and utilized properly, great value can be realized. It can be a powerful forecasting and analytical tool by identifying emerging and targeted threats and guiding an organization’s approach and response to real threats on strategic, operational and tactical levels. Actionable threat intelligence is the result of a rigorous process, with defined goals and targets in mind.

The changes to the cybersecurity landscape over the last several years have been the primary driver in the need for threat intelligence services. As organizations seek new sources of threat intelligence, they need to be aware of the differences in the types of intelligence being delivered by the security industry. This paper was written to help the reader gain a nuanced understanding of the core concepts of intelligence as the intelligence community defines it and to help differentiate the threat intelligence services being offered in the industry today.

Solutionary.com

Solutionary, Inc.

9420 Underwood Avenue

Omaha, NE 68114

ActiveGuard® US Patent Numbers: 7,168,093; 7,424,743; 6,988,208; 7,370,359; 7,673,049; 7,954,159; 8,261,347. Canadian Patent No. 2,436,096. Solutionary, the Solutionary logo, ActiveGuard, the ActiveGuard logo, are registered trademarks or service marks of Solutionary, Inc. in the United States. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright ©2015 Solutionary, Inc.

Contact Solutionary at [email protected] or 866-333-2133

Solutionary, an NTT Group security company, is the next generation managed security services provider (MSSP), focused on delivering managed security services and global threat intelligence.

1260WP 1/15

About SERT

The Solutionary Security Engineering Research Team (SERT) protects and informs Solutionary clients through security threat research, vulnerability analysis and the development of effective countermeasures. For more information visit www.solutionary.com to learn more about SERT services, read SERT research or sign up to receive the Solutionary Minds blog.

About Solutionary

Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security services provider (MSSP), focused on delivering managed security services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients’ internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs).

For more information, visit www.solutionary.com