Resource Optimization and Threat Mitigation: Sapphire’s Cutting-Edge Security Intelligence
With an endlessly creative, well-resourced, and motivated base of attackers, the threat landscape moves at a breakneck pace. Keeping abreast of the latest tactics, techniques, and procedures (TTPs) can be challenging for security teams amidst a cascade of other critical information.
Sapphire provides a next-generation security intelligence platform to detect and surface threats in your business context. With intelligent visibility, front-line teams suffer less from threat overload, resources are better deployed, and attacks are more effectively mitigated.
Aware: Enjoy visibility of malicious activity across endpoints, networks, social engineering attempts, and even insider threats, and benefit from a risk scoring engine designed to prioritize malicious action.
Proactive: Hunt threats and investigate incidents with precision using search functionality powered by Elasticsearch across all information types.
Pragmatic: Act on threats using automated incident response and collaborative workflows in a way that is both measurable and pre-configured to comply with all major standards and frameworks.
Six phases of the security intelligence lifecycle
This phase sets goals for the security intelligence programme. Identify, understand and communicate:
- The information assets and business processes to be protected
- The impact of losing assets or interrupting processes
- The types of security intelligence that your organisation requires
- The priorities about what you need to protect
This is the process of gathering information to address the intelligence requirements, through a variety of means including those listed below.
- Metadata and logs from internal networks and security devices
- Threat feeds from various sources
- Conducting conversations and targeted interviews with knowledgeable sources
- News websites and blogs
- Social media platforms
- Scraping and harvesting websites and forums
- Infiltrating sources such as dark web forums
Processing is the transformation of collected information into a usable format. This can involve automated tools that will process workflows and collection processes.
The analysis process consists of turning the information gathered into intelligence to inform decisions. The output could be a decision on whether to investigate a potential threat, what actions to take to block an attack, how to strengthen security controls, or how much investment in additional security resources is justified.
During this phase, the security intelligence gathered is shared with the relevant areas of the business. Points for consideration include:
- What security intelligence is needed? How does external information best support the team?
- How should the intelligence be selected and organised?
- How often should this security intelligence be updated?
- Through what media?
Feedback from the various departments is crucial to ensure that the intelligence output can be adjusted based on the requirements and priority changes of each team. This can include:
- What types of data to collect
- How to process and enrich the data
- How to analyse the information and how it should be presented
- Who should receive the intelligence