Security Intelligence

Resource Optimisation and Threat Mitigation: Sapphire’s Cutting-Edge Security Intelligence

With an endlessly creative, well-resourced, and motivated base of attackers, the threat landscape moves at a breakneck pace. Keeping abreast of the latest tactics, techniques, and procedures (TTP) can be challenging for security teams amidst a cascade of other critical information.

Sapphire provides a next-generation security intelligence platform to detect and surface threats in your business context. With intelligent visibility, front-line teams suffer less from threat overload, resources are better deployed, and attacks are more effectively mitigated.

Aware: Enjoy visibility of malicious activity across endpoints, networks, social engineering attempts, and even insider threats and benefit from a risk-scoring engine designed to prioritise malicious action.

Proactive: Hunt threats and investigate incidents precisely using search functionality powered by Elasticsearch across all information types.

Pragmatic: Act on threats using automated incident response and collaborative workflows in a way that is both measurable and pre-configured to comply with all major standards and frameworks.


six phases of the security intelligence lifecycle

This phase sets goals for the security intelligence programme. Identify, understand and communicate:

  • The information assets and business processes to be protected
  • The impact of losing assets or interpreting processes
  • The types of security intelligence that your organisation requires
  • The priorities about what you need to protect


This is the process of gathering information to address the intelligence requirements through a variety of means, including those listed below.

  • Metadata and logs from internal networks and security devices
  • Threat feeds from various sources
  • Conducting conversations and targeted interviews with knowledgeable sources
  • News websites and blogs
  • Social media platforms
  • Scraping and harvesting websites and forums
  • Infiltrating sources such as dark web forums

Processing is the transformation of collected information to a useable format. This can involve automated tools that will process workflows and collection processes.


The analysis process comprises of turning the information gathered into intelligence to inform decisions. The output could be to investigate a potential threat, what actions to take to block an attack, how to strengthen security controls, or how much investment in additional security resources is justified.


During this phase, the security intelligence gathered is shared with the relevant areas of the business. Points for consideration include:

  • What security intelligence is needed? How does external information best support the team?
  • How should the intelligence be selected and organised?
  • How often should this security intelligence be updated?
  • Through what media?


Feedback from the various departments is crucial to ensure that the intelligence output can be adjusted based on each team’s requirements and priority changes. This can include:

  • What types of data to collect
  • How to process and enrich the data
  • How to analyse the information and how it should be presented
  • Who should receive the intelligence?

Frequently Asked Questions

Security Intelligence is the collection, standardisation, evaluation and analysis of security data generated by an enterprise. This data comes from the organisation’s network, applications, and IT infrastructure in real-time.

Understanding the adversary’s tactics, techniques, and procedures is crucial to reducing risk. With a digitised attack surface, the enterprise can now use every connected software and hardware as a separate element in a sensor array. This is used to build a picture of the threats targeting an organisation so security teams can better prepare.

Security Intelligence can help with the following:

Improved standards and regulatory compliance: A clear view of risk is crucial to comply with standards such as PCI DSS, HIPAA, NERC CIP, SOX, and the ISO 27001 standard.
Enhanced remediation and detection

Reduce malware success rates and decrease dwell time to minimise the window of attack.

Cost efficiency

Understand where resources should be deployed to improve risk equation and reduce waste.

Reduction of insider fraud, data leakage, and theft

Quickly monitor, identify, and mitigate insider threats by understanding where employees might be culpable for data loss and theft.