
Threat Detection System
group-ib.com

Group-IB

THREAT INTELLIGENCE
Attack attribution based on Threat Intelligence data.

Threat actor map, Threat attribution tools, Threat Intelligence

Secure Bank / Secure Portal
Evolution of Threat Detection Approach

The best approach is to manage attackers rather than indicators, which are often irrelevant to your organisation, and build a security system based on that knowledge.

From Indicator Management to Attacker Management

Threat Intelligence is a solution for analyzing and managing adversaries and threats that could affect your business.

Act on answers to:

• Who and what are your security systems detecting?
• Who poses a threat to your business?
• What tools can be used to attack your organisation and how?
• Can your security system withstand a cyberattack?
• What security measures should be taken to ensure adequate protection?

Key differences:

1 Attacker management in lieu of indicator management.
2 Protection against attackers rather than irrelevant or general threats.
3 In-depth research into attackers instead of raw data analysis.
4 The most relevant data with up-to-date context.

New approach by Group-IB

Security tests: Test your environment with intelligence-driven Red team against TTPs of relevant threat actors.

TTPs: Deep analysis of tools and procedures matched with MITRE ATT&CK Matrix.

Attacks: Timeline of attacks performed by relevant threat actors. Focused research and hunting.

Adversaries: Matrix of threat actors targeting you, your industry, and partners.

How Threat Intelligence Works

[Figure: How Threat Intelligence Works. Stages: Detect, Collect, Analyse, Attribute, Hunt, Protect. Labels: Local Threats, Intelligence, TTPs, Adversary Profiles, Threat Actor, Infrastructure, Exposure, Attack Timelines, Technical Indicators, Compromised Data, Internet Snapshots. Sources: Incident Response & Investigations, Threat Detection System, Botnet & Phishing Exfiltration, Distributed Internet Scanners, ISP sensors & Honeypots, Phishing & Malware, Dark Web & Leaks, Passive DNS, SSL.]

GROUP-IB THREAT INTELLIGENCE

1 Detection
• Your security systems continuously detect threats.
• Threat Intelligence exposes what is overlooked by current solutions.
• All detected threats undergo attribution.

2 Ranking
• Attackers are ranked according to their relevance.
• Threat hunting for new data is built around these attackers.
• Data on attackers is converted into their TTPs for future checks.

3 Attribution and enrichment
• Raw data from web servers and malware is fed into the system.
• Attacks are matched to known threats through correlation between raw data and Threat Intelligence.
• Tools for analyzing malware and searching for hidden links make it possible to attribute yet unknown threats.
• Enriched indicators are integrated into security systems for more effective threat detection.

4 Testing
• New and relevant techniques are used for testing security systems.
• Testing is carried out by either a local team or Group-IB’s Red Team.

Key advantages

• Built-in attribution tool
• Integration with built-in security solutions with STIX / TAXII, API/JSON support
• In-depth analysis of attackers
• Personalized and the most relevant threat intelligence
• Collaboration with experts in various fields
• Automated threat hunting, incident response, and malware research

Group-IB is ranked among the best threat intelligence vendors in the world by Gartner,
IDC, Forrester, Cyber Defense Magazine, and SC Media.


Group-IB is a leading provider of advanced Threat Intelligence, best-in-class anti-APT and anti-fraud solutions.

Group-IB is ranked among the best threat intelligence vendors in the world by Gartner, IDC, Forrester, Cyber Defense Magazine and SC Media.

Official partners: INTERPOL, EUROPOL

We have provided professional development training to Europol, INTERPOL, law enforcement agencies and corporate security teams on four continents.

• 16 years of hands-on experience
• 60 000+ hours of incident response
• 1 000+ cybercrime investigations worldwide
• 360+ world-class cybersecurity experts

Intelligence-Driven Services

Strengthen your cybersecurity posture with services and advice from experienced specialists with ‘boots on the ground’ and access to one of the most advanced threat intelligence gathering infrastructures in the world.

Security & Risk Assessment
• Penetration Testing
• Vulnerability Assessment
• Source Code Analysis
• Compromise Assessment
• Red Teaming
• Pre-IR Assessment
• Compliance Audit

Threat Hunting & Response
• 24/7 CERT-GIB
• External and Internal Threat Hunting
• Onsite Incident Response
• Incident Response Retainer

Digital Forensics
• Digital Forensics
• Investigations of hi-tech financial & corporate crimes, critical infrastructure attacks

Cyber Education
• Digital Forensics
• Incident Response
• Malware Analysis

Learn more about Threat Intelligence
group-ib.com

Contact us to test Threat Intelligence
info@group-ib.com

Get to know us
group-ib.com
info@group-ib.com
twitter.com/GroupIB_GIB
