How to buy Intelligence for my Company's Security

How to buy Intelligence for my Company’s Security

Isn’t it evident that Intelligence methodology might be one of the best ways to enrich cybersecurity programs with a Prevent-Breach strategy? If so, how do advanced security teams not introduce it to their work? Our experience and conclusions will help you to move forward in your Cyber-Intelligence Program in a very cost-efficient way. We are convinced that Intelligence might be today the most critical contributor to increasing the actual level of digital security in an organization.

Most cybersecurity programs are based and developed on the principles of pure IT-Security in different areas: Intrusion detection to authentication solutions, permissions policies to firewalls, secure development to patch management, etc., with a very light touch of cyber-awareness and training. In some cases, not so many, we see threat intelligence approaches, most related to the technologies (hardware and software) used within the company.

I am Sally‘s approach is different, very much different. It is a digital revolution to cybersecurity strategies: To include Intelligence methodology to take advantage of what malicious actors know to reduce our digital risk exposure.

We talk about leaked credentials available in closed forums, breaches or black markets, Info-stealers (botnets) that can be found on closed forums and similar places, leaked information, exposed devices, data from black markets, documents, and even insiders or social media related content.

In other words, we combine OSINT and DARKINT, with big data and AI capabilities to prepare structured and categorized data to be reviewed by the eye of experienced analysts. With these analyses, we generate Digital Vulnerability Scans to reduce the risk exposure of the company’s assets: humans, databases, servers, IP-addresses, users, credentials, domains etc. Cybercriminals might exploit any digital or physical assets to compromise company systems, networks, or business strategies.

But the question remains: Why are not more companies investing in intelligence programs? What we have found with our customers is that it is a question of lack of experience and knowledge in the buying process. Most cybersecurity teams we meet are good at IT-security and similar approaches but are not used to buy or integrate Intelligence. If they buy Intelligence, they buy Threat Intelligence delivered by IT-security or cybersecurity suppliers, meaning people with similar backgrounds and experience that they have.

To say it more straightforwardly, they do not really know how to buy Intelligence, and they are apprehensive about the quality of the data they get. They are right to be so. We often get the question, but how much is out there about “us” that might compromise my security and increase my risk exposure? What happens if I pay and you do not find so much or anything at all?

Those are relevant questions when you do not feel secure in your buying process of Intelligence. The same questions could apply to a pen-testing purchase: What happens if I pay, you carry out the penetration tests, and you do not find anything relevant? Any Cybersecurity practitioner will tell you that if the tests have been conducted with good quality, you should be very happy about that outcome. And today, most companies happily pay for those tests as a service to purchase.

We usually carry out non-intrusive pen-tests, also called “Vulnerability Scans,” before the real pen-testing to see the “status” and need of the whole service before moving forward.

  1. Vulnerability Scans for GAP-Analysis: An overview of the actual status of the network related to security. A tool to calculate time and budget to move forward with the project looking for more profound insides and implementation of resources, processes, systems, tools etc. to reduce the GAP related to security.
  2. Implementation Project: A penetration testing project as part of a security audit.
  3. Security Controllers: It is a follow-up (monitoring/surveillance) to increase the efficiency and performance of the security program dynamically and continuously.

These three steps follow not only an IT- Project process but also the natural security process we have learned so many times:

  • Vulnerability Scan (including an inventory and categorization of the assets to protect).
  • Risk Assessment
  • Mitigation part

Our mission at I am Sally is to increase security and minimize risk exposure by using Intelligence to enrich Security Programs with proactive work to try to be ahead of malicious actors.

However, the opening question of this article is still open: How can we help companies adapt Intelligence in their proactive security and risk management work cost-efficiently? We believe the way to do this is to use the same steps that have always been used in those areas, as explained before: Gap-Analysis, Implementation and follow-up, being the first step, a cost-efficient one lowering the entry level to Intelligence.

We at Sally have adapted the introduction of a Prevent-Breach Strategy using Intelligence to the natural process described before:

  1. GAP Analysis: This overview of findings in different categories is described below. The summary shows the company’s vulnerabilities in each category and is delivered in a two-hour report presentation of the most relevant findings.This is to help the companies make decisions based on real facts and data. The company will be able to decide if it is worth continuing with the deeper Digital Intelligence Risk Assessment, to go directly to the surveillance approach, or to stop and conduct a new vulnerability scan later – like every year or half year – that fits the risk management process.

A Digital Security Check is like an MRI of your Business Digital Footprint

  1. Digital Intelligence Risk Assessment: The ability to get all the data related to each one of the vulnerabilities, understand attack vectors and correct as many vulnerabilities as possible.
  2. Introducing Digital Risk Intelligence Surveillance as a part of the security program to monitor risks and discover new digital vulnerabilities continuously.

 

We use this traditional methodology to help our customers implement intelligence methodology in their Security programs.

Please contact us if you want to try a vulnerability scan of your company domain.