
Critical Skills - Workforce Development

Threat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks, or degrading their infrastructure. Tactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment.

Integrating & Managing Threat Intelligence

Threat intelligence is analytical knowledge, used proactively or reactively, to identify and manage emerging threats before they become a global threat within your organization. This can be knowledge we acquire during our assessment while working collaboratively with our customers, or it can come from the routine, constant collection of threat data. How threat intelligence is delivered to your organization depends largely on the type of network and infrastructure you use. As a rule of thumb, MasonBlue leverages your infrastructure first, your applications next, and then a custom approach as the next layer of protection.

 

If you are a Cisco shop, we help you take control of security first by taking advantage of Cisco's built-in tools for automating threat prevention. We implement firewalls, edge routers and intrusion prevention systems (IPS) to supplement that effort. Once a threat is discovered, a CTI service can immediately contact next-gen firewalls and IPS hardware and push a fresh list of blacklisted IP addresses or signatures designed to preempt threats.

How do we help? - Our Process

We support the following stages with automated workflows that streamline the threat detection, management, analysis, and defensive process and track it through to completion:

  • Collect – Establish a TIP platform to collect and aggregate multiple data formats from multiple sources, including CSV, STIX, XML, JSON, IODEF, OpenIOC, email and various other feeds. Automation to integrate with SIEMs and handle multiple threat intelligence feeds is possible, both for ad hoc importing and for analyzing the unstructured formats that analysis regularly requires.

  • Correlate – Automate the process to analyze, correlate, and pivot on data so that actionable intelligence on the who, why and how of a given attack can be gained and blocking measures introduced.

  • Enrichment and Contextualization – Use third-party threat analysis applications to augment threat data and develop potential scenarios of how an attack can happen. Enrich the collected data to create and enable IP and domain block-lists.

  • Analyze – Manually or automatically analyze the content of threat indicators and the relationships between them to enable the production of usable, relevant, and timely threat intelligence from the data collected.
