We have recently written about how to use threat intelligence to build better awareness programs and how to use that information to improve risk management. We have been talking to customers and others in the security community about this a lot. People are telling us: we want threat intelligence in Microsoft Teams, or Google Hangouts Chat, or Slack!
E-mail is annoying, we manage our work in collaboration software. This is why we now offer threat intelligence with recommendations for defense and awareness directly in Teams and Google Chat. And we are working on a Slack version too!
We collect news from a large number of sources across business media, security media, legal media, blogs, vendor websites and social media around the clock. Our cloud infrastructure pushes all the news to be assessed into a raw intelligence pipeline. Here our analysts will first select what is relevant for our customers.
We do not track every business sector but focus on the news that counts for our customers in tech, healthcare, construction and the public sector. We then carefully review the news and assess what the impact could be for our sectors, and add recommendations for how to mitigate or deal with the impact of the intelligence.
Only a fraction of the collected material is released to our customers. The intelligence reports that find their way into your Teams or Hangouts Chat channel are relevant to your business, and come with suggested actions to take. Actions can be related to awareness training, technical measures or simply keeping an eye on matters as they develop.
How our threat intel saves time
When we talk to people in the security community, they often tell us they would like to focus on OSINT (open source intelligence). The reason people give for wanting an intelligence program but not having one is that they don’t have time for it, or money to hire analysts. Getting our threat intel and recommendations cannot replace a full analyst team, but it sure gives you a head start for a fraction of the cost. Let’s look at the intelligence cycle and how to get value out of each stage.
| Stage | Activities | Effort |
|---|---|---|
| Requirements | Review what counts<br>What do we need to know to protect our operations? | Low to medium, depending on understanding of risk picture and ambitions. |
| Collection | Set up infrastructure<br>Determine sources of intelligence<br>Store and categorize | Infrastructure: significant investment in development or procurement<br>Source selection: significant effort in selection of good sources and assessment of usefulness<br>Storage and categorization: ongoing analyst work. Can be helped by AI. |
| Analysis | Review information and add context<br>Assess potential impact to technology and organization<br>Provide recommended actions. | Significant manual work, ongoing work load. |
| Dissemination | Document assessment in report<br>Send out in channels where recipients can be reached. | Documentation requires structure and effort.<br>Select the recipients of each report.<br>Effort of reaching recipients depends on communication practice in the organization |
Cybehave cannot solve all the threat intelligence challenges mentioned above, but we take the need for the collection pipeline out of the equation and filter the important from the noise and hyperbole of information security news. We also provide first-level triage of the information collected with actionable recommendations. To further help lower the noise level, our dissemination depends on the business sector of your company. All of this you can get automatically in your Teams or Google Chat channel. Then you can spend your time doing what matters.
Steps to get actionable threat intelligence in Teams
Here’s how to take a shortcut to a useful threat intelligence program.
- Decide what your most valuable assets are
- Figure out what you would like to know and why
- Is your current management practice and cybersecurity awareness program informed by threat intelligence?
- Finally: sign up for Cybehave’s threat intelligence program today!