Threat intelligence is a critical component of any security service: it processes and sorts information to produce accurate, timely and comprehensive alerts. From actively monitoring threat feeds to hunting for new threats targeting similar verticals, organizations need to use multiple techniques to stay ahead of cybercriminals. By employing in-depth knowledge of potential or current attacks, security experts are better prepared to catch threats before they can cause serious damage.
Key elements of threat intelligence and discovery should include:
Effective threat discovery is at the heart of Proficio’s managed detection and response service. We analyze security events by correlating data from critical log sources with security use cases and threat intelligence data. Events are further prioritized based on contextual risk, including the importance of the affected asset and applied security controls. Our Security Analysts investigate suspicious behavior using the MITRE ATT&CK framework and use AI-based threat models for threat hunting.
Proficio’s proprietary Threat Intelligence Platform (TIP) enriches log data, provides context to alert notifications, and enables us to more accurately detect threats. Threat data is ingested into the client’s SIEM instance and correlated with other log data to prioritize security events. Proficio includes a wide range of open-source threat feeds in our core service and can add commercial or industry threat data as required by each client. Our dedicated Threat Intelligence Team is constantly monitoring the threat landscape to detect new types of attacks, critical vulnerabilities, and the behavior of cybercriminals and other adversaries.