As both the number and the sophistication of cyberattacks continues to grow, the Harvard Business Review makes a case for threat-informed defense, describing a need for “greater transparency, accuracy, and precision around how we perform against likely threats” as a way to stay secure against the mounting risk. 

At KELA, we deliver 100% real, actionable, timely and contextual intelligence about threats and threat actors, helping organizations mitigate digital security risks — but how does this kind of cyber threat intelligence (CTI) practically equate to business benefits or risk reduction? This article looks at eight key examples, and how they deliver value to your organization. 

Attack Surface Intelligence

CTI provides a comprehensive view of any organization’s digital footprint as seen through the eyes of potential attackers. It identifies unsecured entry points and vulnerabilities in publicly accessible systems that might not be evident through internal assessments.

At KELA, our Visual Reconnaissance capability provides security teams with an accurate and complete picture of network issues, including external-facing assets that are exposed to threat actors. The CISO is immediately alerted to exposures or misconfigurations in internet-facing assets which are opening the business to immediate risk. 

Vulnerability Intelligence

By investigating, actively monitoring and reporting on new and emerging vulnerabilities, CTI adds context and insights to the remediation and mitigation process.  This intelligence helps organizations prioritize patches and defenses against vulnerabilities that are actively being exploited in the wild.

Formal vulnerability scoring and assessments often don’t equate to the real-world risk of the vulnerabilities themselves, leaving security teams with a gap to bridge in understanding where to prioritize resources and effort. At KELA, vulnerability intelligence is leveraged to understand specific risks, exploits and proofs-of-concept alongside  the true mindset of the attacker, supporting organizations in closing the gap, and prioritizing which vulnerabilities matter in relation to business context.  

Third-Party Risk Monitoring and Software Supply Chain

A recent report reveals that 98% of organizations are connected to a third party that has experienced a breach. These kinds of indirect threats are unlikely to be picked up on by traditional security solutions, and yet according to the same report, 29% of attacks originate from third party vulnerabilities. 

CTI is essential for third-party risk management, evaluating risks associated with third-party vendors and supply chains, and continuously monitoring third-party vulnerabilities and breaches. By retaining complete visibility into all vendors, including initial access, ransomware attacks, or bot activity that results in leaked credentials or account compromise, KELA offers insights into potential indirect threats that could impact your organization. Organizations can also benefit from a predictive score that estimates the probability of a cyber attack, alongside tips for remediation. 

Executive Protection

Many attacks today are targeted at the top of the food chain, recognizing that the credentials of the C-suite are the master key to the whole organization. When an attack such as Business Email Compromise (BEC) is successful, threat actors can use these credentials to establish a deeper foothold, gain access to critical assets, or launch doxxing attacks against individuals and businesses.  

CTI can identify and understand a targeted attack campaign, for example advanced persistent threats (APTs) that are aimed at a specific industry or organization, or a spear-phishing attack that is targeted at one particular executive. 

KELA tracks any mentions of VIPs or executive decision makers across its entire data lake, and continuously monitors to uncover mentions of executive names, credentials or PII in a wide range of raw data. Alongside the tactics, techniques and procedures (TTPs) of threat actors in detail, organizations can launch more effective and tailored defenses against this risk. 

Brand Intelligence

When threat actors leverage your brand and your good name to launch an attack against your customers, it’s often your organization that pays the price. Attacks such as typosquatting or brand impersonation happen outside of your own security perimeter, but the public rarely cares that it was outside of your control when the email or website that deceived them had your name attached. 

CTI is a powerful tool for brand intelligence, detecting all instances of unauthorized or malicious use of your brand, including fake domains, phishing URLs, and typosquatting domains that could damage your reputation. KELA’s CTI identifies content abuse at the earliest stages, including monitoring any mention of your organization in third party attacks, financial leaks, or database breaches. 

Geopolitical Intelligence

As global instability surges, many people have called 2024 the Year of the Hacktivist. Hacktivism increased by 27% in 2023, and is triggered by both political and social causes. CTI is able to consider the complex and dynamic geopolitical landscape to support organizations in anticipating the risk of hacktivism, espionage, and other politically motivated activities, and in mitigating their impact, especially useful for those who work across international markets. 

KELA provides decision-makers with a way to stay effortlessly informed, offering an immediate high-level view using its Threat Landscape module, including overarching trends, targeted daily highlights, and a detailed intelligence feed, allowing organizations to consume technical intelligence feeds by geography or cause. On top of this, our Threat Actor module  consolidates online personas into one centralized and unified view, going beyond published data and posts alone to provide a broad understanding of the characteristics of the attacker.

Identity Intelligence 

While many security tools protect against brute force attacks or network vulnerabilities that may provide access, cyberattacks using valid user credentials spiked by 71% in 2023. CTI works against this risk in a number of ways, actively monitoring and detecting credential leaks across various platforms including the dark web, and keeping tabs on the sale and distribution of infostealer logs — designed to harvest credentials and IP addresses from infected systems. 

With smart automation of key processes, KELA offers superior quality of information, alongside the context organizations need to intelligently prioritize its efforts. The platform supports security teams in identifying compromised assets and account credentials before they can be used. Playbooks and integrations can be used to automate remediation actions such as password resets, quarantining and more.

Fraud Prevention

Fraud impacts organizations’ financial and operational integrity, and covers a wide range of risks including phishing, advance-fee fraud, web and email scams, and more. Cyber Threat Intelligence is instrumental in identifying the patterns and tactics associated with fraudulent activities. 

At KELA, we track and research fraud by leveraging raw data and real-time discussions around fraud TTPs, uncovering relevant images such as checks or account screenshots, and information from credit card market listings, Telegram chatter, and bots that attack consumer assets. In addition, Identity Intelligence can also be leveraged to monitor compromised customer accounts, reducing the risk of these accounts being used for fraudulent purposes. 

The impact of cyber threat intelligence can be felt across the business, and we’ve just scraped the tip of the CTI use case iceberg! Whether you’re looking to implement CTI for a specific use case, or to better monitor and mitigate a wide range of risk in your business environment, sign up for a free trial of KELA’s Cyber Threat Intelligence Platform.