Description of the service

Cyber Threat Intelligence (CTI) is a crucial activity that focuses on in-depth analysis of “raw” data collected from internal and external sources during security events, both recent and past, to monitor, detect, and prevent threats that could affect an organization.

CTI shifts the focus from traditional reactive defense, which responds to incidents after they have occurred, to preventive and “smart” security measures, which allow attackers to anticipate their moves and strengthen the security posture.

Ideally, CTI should become the foundation on which an enterprise builds a secure, vigilant and resilient defense perimeter.

By integrating CTI with other security capabilities, such as Security Information and Event Management (SIEM), security teams can correlate events with intelligence data to detect advanced threats in real time.

In addition, CTI is essential to strategic decision making, enabling management to align security policies with the changing threat landscape and improve incident response capability through targeted exercises and regular updates to security protocols.

Who is the service intended for?

The Cyber Threat Intelligence (CTI) service is designed for all organizations that want to improve their ability to defend against cyber threats, anticipate potential attacks, and take a proactive approach to security. It is particularly useful for:

• Companies of any size,
  from small and medium-sized enterprises to large multinational corporations who want to better understand the threat landscape, protect their critical assets, and adapt their defenses based on up-to-date threat intelligence.
• Financial and insurance institutions,
  banks, investment companies, and insurance companies that handle sensitive data and need to prevent fraud and security breaches. CTI helps to quickly identify industry-specific threats and take effective countermeasures.
• Regulated and high-risk industries,
  organizations operating in industries such as healthcare, energy, telecommunications, and defense, which must comply with security regulations such as GDPR, HIPAA, NIST, and PCI-DSS, and which need an up-to-date, in-depth view of threats.
• Government and public institutions,
  government agencies and institutions that handle sensitive or critical national security information can benefit from CTI to identify malicious actors and prevent strategic and geopolitical threats.
• Information security team and chief information security officer (CISO),
  security managers who want up-to-date information on emerging threats, Indicators of Compromise (IOCs), and Tactics, Techniques, and Procedures (TTPs) used by attackers to improve incident response and security resilience.
• Technology companies and security service providers,
  security solution providers, Managed Security Service Providers (MSSPs), and cybersecurity companies that use CTI to strengthen their products and services, improve customer defenses, and contribute to overall security through intelligence sharing.

The Cyber Threat Intelligence (CTI) service is ideal for anyone who wants to make evidence-based decisions to effectively prevent, detect and respond to cyber threats.

Benefits of the service

The main benefits of the service are:

• Preventing data loss,
  monitors connection attempts with malicious domains and collects intelligence data.
• Detecting potential system flaws,
  detects viruses, intrusions, and failures to comply with protocols.
• Incident response,
  provides guidance in the event of a Data Breach, especially regarding the scale of it and its modus operandi.
• Threat analysis,
  valuable insight into defense mechanisms and all other measures required to strengthen the perimeter. defense.

Output of the service

The Cyber Threat Intelligence service produces in output:

• Full report,
  Report detailing all activities performed.
• Summary report,
  Report reporting only the final considerations of the activity.

How the service works?

The process is divided into several key steps to ensure that the service is carried out smoothly and effectively. Here are the main activities that will be carried out:

1. Search for company and/or specific people’s information from the dark web,
   identify and monitor any sensitive data of an organization or specific individuals that may have been exposed or compromised. This activity involves scouring the dark web, clandestine forums, illegal digital marketplaces, and other unindexed sources for information such as stolen login credentials, confidential company data, financial details, or sensitive personal information.
2. Checking for corporate credentials in stolen password databases,
   by searching for the presence of company email addresses and related passwords in stolen password databases and checking for password reuse by trying to access the mail service.
3. Mapping of all services exposed on the internal network and/or on the Internet by the Company,
   identification of critical issues present (e.g., presence of unauthorized services, use of outdated software and/or affected by known vulnerabilities, exposure of services accessible without authentication or with weak credentials, or presence of system/application misconfigurations).
4. Identification of any fraudulent domains,
   a snapshot of the possible presence of similar fraudulent business domains will be taken, thanks to a Solution internally developed by ITC, once the Client releases the list of domains to be protected. The Solution identifies potential illicit activities that are currently active.

Average time of engagement

The average time frame for engagement is 8-15 working days.