Security Intelligence
Resource Optimisation and Threat Mitigation: Sapphire’s Cutting-Edge Security Intelligence
With an endlessly creative, well-resourced, and motivated base of attackers, the threat landscape moves at a breakneck pace. Keeping abreast of the latest tactics, techniques, and procedures (TTP) can be challenging for security teams amidst a cascade of other critical information.
Sapphire provides a next-generation security intelligence platform to detect and surface threats in your business context. With intelligent visibility, front-line teams suffer less from threat overload, resources are better deployed, and attacks are more effectively mitigated.
Aware: Enjoy visibility of malicious activity across endpoints, networks, social engineering attempts, and even insider threats and benefit from a risk-scoring engine designed to prioritise malicious action.
Proactive: Hunt threats and investigate incidents precisely using search functionality powered by Elasticsearch across all information types.
Pragmatic: Act on threats using automated incident response and collaborative workflows in a way that is both measurable and pre-configured to comply with all major standards and frameworks.
Direction
six phases of the security intelligence lifecycle
This phase sets goals for the security intelligence programme. Identify, understand and communicate:
- The information assets and business processes to be protected
- The impact of losing assets or interpreting processes
- The types of security intelligence that your organisation requires
- The priorities about what you need to protect
Collection
This is the process of gathering information to address the intelligence requirements through a variety of means, including those listed below.
- Metadata and logs from internal networks and security devices
- Threat feeds from various sources
- Conducting conversations and targeted interviews with knowledgeable sources
- News websites and blogs
- Social media platforms
- Scraping and harvesting websites and forums
- Infiltrating sources such as dark web forums
Processing
Processing is the transformation of collected information to a useable format. This can involve automated tools that will process workflows and collection processes.
Analysis
The analysis process comprises of turning the information gathered into intelligence to inform decisions. The output could be to investigate a potential threat, what actions to take to block an attack, how to strengthen security controls, or how much investment in additional security resources is justified.
dissemination
During this phase, the security intelligence gathered is shared with the relevant areas of the business. Points for consideration include:
- What security intelligence is needed? How does external information best support the team?
- How should the intelligence be selected and organised?
- How often should this security intelligence be updated?
- Through what media?
feedback
Feedback from the various departments is crucial to ensure that the intelligence output can be adjusted based on each team’s requirements and priority changes. This can include:
- What types of data to collect
- How to process and enrich the data
- How to analyse the information and how it should be presented
- Who should receive the intelligence?
