With an endlessly creative, well-resourced, and motivated base of attackers, the threat landscape moves at a breakneck pace. Keeping abreast of the latest tactics, techniques, and procedures (TTPs) can be challenging for security teams amidst a cascade of other critical information.
Sapphire provides a next-generation security intelligence platform to detect and surface threats in your business context. With intelligent visibility, front-line teams suffer less from threat overload, resources are better deployed, and attacks are more effectively mitigated.
Aware: Gain visibility of malicious activity across endpoints, networks, social engineering attempts, and even insider threats, backed by a risk-scoring engine designed to prioritise malicious activity
Proactive: Hunt threats and investigate incidents with precision using search functionality powered by Elasticsearch across all information types
Pragmatic: Act on threats using automated incident response and collaborative workflows in a way that is both measurable and pre-configured to comply with all major standards and frameworks
This phase sets goals for the security intelligence programme. Identify, understand and communicate:
This is the process of gathering information to address the intelligence requirements, through a variety of means including those listed below.
Processing is the transformation of collected information into a usable format. This can involve automated tools that handle the processing workflows and collection processes.
The analysis process consists of turning the information gathered into intelligence that informs decisions. The output could be a decision to investigate a potential threat, what actions to take to block an attack, how to strengthen security controls, or how much investment in additional security resources is justified.
During this phase, the security intelligence gathered is shared with the relevant areas of the business. Points for consideration include:
Feedback from the various departments is crucial to ensure that the intelligence output can be adjusted based on the requirements and priority changes of each team. This can include:
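The lifecycle above (collect, process, analyse, disseminate, feed back) can be illustrated with a small worked pipeline. The following is an added example and is not Sapphire's code or any part of its platform: it takes a handful of constructed endpoint and network log lines, normalises them into one schema, scores each host against two constructed detection rules tagged with MITRE ATT&CK technique IDs (T1059.001 PowerShell, T1071.001 Web Protocols), adds a correlation bonus when an endpoint and a network finding on the same host fall within a short window, and produces audience-specific output. The asset inventory, indicator list, field names, rule weights and sample events are all assumptions invented for the example; the `weights` and `window_seconds` parameters stand in for the feedback phase, where teams tune priorities.

```python
import re
from datetime import datetime, timedelta

# Constructed raw events in two source-specific formats (not real telemetry).
RAW_EVENTS = [
    ("endpoint", 'ts=2024-03-01T09:00:00Z host=ws-17 user=alice proc=powershell.exe cmd="-nop -w hidden -enc SQBFAFgA"'),
    ("network",  'time=2024-03-01T09:00:05Z src_ip=10.0.0.17 dst_ip=203.0.113.9 dst_port=443 bytes_out=51200'),
    ("network",  'time=2024-03-01T11:30:00Z src_ip=10.0.0.21 dst_ip=198.51.100.4 dst_port=443 bytes_out=1200'),
    ("endpoint", 'ts=2024-03-01T11:30:02Z host=ws-21 user=bob proc=outlook.exe cmd=""'),
]

# Constructed asset inventory and indicator list, standing in for the programme's
# intelligence requirements (direction phase).
ASSETS = {"10.0.0.17": "ws-17", "10.0.0.21": "ws-21"}
KNOWN_BAD_IPS = {"203.0.113.9"}  # documentation-range address used as a stand-in for a C2 indicator

# Processing phase: source-specific field names mapped onto a common schema.
FIELD_MAP = {
    "endpoint": {"ts": "time", "host": "host", "user": "user", "proc": "proc", "cmd": "cmd"},
    "network": {"time": "time", "src_ip": "src", "dst_ip": "dst", "dst_port": "dport", "bytes_out": "bytes_out"},
}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def process(source, line):
    """Normalise one raw line: common key names, parsed timestamp, host resolved for network events."""
    raw = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    event = {"source": source}
    for key, value in raw.items():
        event[FIELD_MAP[source].get(key, key)] = value
    event["time"] = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
    if "host" not in event:  # map source IP to an asset so endpoint and network events correlate
        event["host"] = ASSETS.get(event.get("src"), event.get("src"))
    return event


# Analysis phase: detection rules tagged with the ATT&CK technique they evidence, plus weights.
DEFAULT_WEIGHTS = {"T1059.001": 40, "T1071.001": 50, "correlated": 30}


def rule_encoded_powershell(e):
    return e["source"] == "endpoint" and e.get("proc", "").lower() == "powershell.exe" and "-enc" in e.get("cmd", "")


def rule_known_bad_destination(e):
    return e["source"] == "network" and e.get("dst") in KNOWN_BAD_IPS


RULES = [("T1059.001", rule_encoded_powershell), ("T1071.001", rule_known_bad_destination)]


def analyse(events, weights=DEFAULT_WEIGHTS, window_seconds=60):
    """Score each host: sum of rule weights, plus a correlation bonus when an endpoint finding
    and a network finding on the same host fall within window_seconds of each other."""
    window = timedelta(seconds=window_seconds)
    findings = {}  # host -> list of (time, technique, source)
    for e in events:
        for technique, rule in RULES:
            if rule(e):
                findings.setdefault(e["host"], []).append((e["time"], technique, e["source"]))
    scored = []
    for host, hits in findings.items():
        score = sum(weights[t] for _, t, _ in hits)
        ep_times = [t for t, _, s in hits if s == "endpoint"]
        net_times = [t for t, _, s in hits if s == "network"]
        correlated = any(abs(a - b) <= window for a in ep_times for b in net_times)
        if correlated:
            score += weights["correlated"]
        scored.append({"host": host, "score": score, "techniques": sorted({t for _, t, _ in hits}),
                       "correlated": correlated})
    return sorted(scored, key=lambda r: r["score"], reverse=True)  # highest priority first


def disseminate(scored):
    """Dissemination phase: full detail for the SOC, a one-line summary for management."""
    soc = [f"{r['host']}: score={r['score']} techniques={','.join(r['techniques'])} correlated={r['correlated']}"
           for r in scored]
    top = scored[0]["score"] if scored else 0
    return {"soc": soc, "management": f"{len(scored)} host(s) flagged; highest score {top}"}


def run_pipeline(raw_events=RAW_EVENTS, weights=DEFAULT_WEIGHTS, window_seconds=60):
    events = [process(src, line) for src, line in raw_events]
    return disseminate(analyse(events, weights, window_seconds))


if __name__ == "__main__":
    report = run_pipeline()
    print(report["management"])
    for line in report["soc"]:
        print(line)
```

On the constructed input only ws-17 is flagged: the encoded PowerShell launch and the connection to the listed address five seconds later score 40 and 50 individually, and the correlation bonus lifts the host to 120, which is the prioritisation the analysis phase is meant to deliver. Shrinking the window or zeroing a weight (the feedback phase in miniature) changes the ranking without touching the collection or processing code.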
Security Intelligence is the collection, standardisation, evaluation and analysis of security data generated by an enterprise. This data comes from the organisation's network, applications, and IT infrastructure in real time.
Understanding the adversary and their Tactics, Techniques and Procedures is crucial to reducing risk. With a digitised attack surface, the enterprise can now use every single connected piece of software and hardware as a separate element in a sensor array. Collectively, this is used to build up a picture of the threats targeting an organisation so security teams can better prepare.
Security Intelligence can help with the following:
Reduce malware success rates and decrease dwell time to minimise the window of attack
Understand where resources should be deployed to improve your risk position and reduce wastage
Quickly monitor, identify, and mitigate insider threats by understanding where employees might be responsible for data loss and theft