Security is Everyone's Job
Threat intelligence is the process of collecting, analyzing, and disseminating information about the current and emerging cyber threats that may affect an organization’s assets, operations, or reputation.
Threat intelligence can help security teams to identify, prioritize, and respond to the most relevant and impactful threats, as well as to proactively prevent or mitigate future attacks.
Threat intelligence can also provide insights into the tactics, techniques, and procedures (TTPs) of threat actors, their motivations, and their capabilities.
Forensics is the process of examining and preserving digital evidence from various sources, such as devices, networks, applications, or data storage, to support investigations of cyber incidents or crimes.
Forensics can help security teams to determine the root cause, scope, impact, and attribution of an attack, as well as to recover lost or compromised data.
Forensics can also provide legal proof of malicious activities and support prosecution or litigation.
Threat intelligence and forensics are complementary disciplines that can enhance the effectiveness and efficiency of cybersecurity operations.
Threat intelligence can inform forensics by providing contextual information and indicators of compromise (IOCs) that can help narrow down the scope and speed up the analysis of digital evidence.
Forensics can enrich threat intelligence by providing detailed information and indicators of attack (IOAs) that can help update and refine the threat profiles and detection rules.
Together, threat intelligence and forensics can enable security teams to detect, analyze, and respond to cyber threats in a timely and accurate manner.
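The feedback loop described above, with IOCs from threat intelligence narrowing the forensic scope and the forensic findings producing new candidate indicators, as an added example that is not part of the original article. The IOC feed, host names, process list, DNS log lines and file hashes are all constructed for the example; the CSV feed layout, the log line format and the helper functions are assumptions, not any vendor's format.

```python
"""Closing the loop between threat intelligence (TI) and forensics.

1. TI side: parse a small IOC feed and normalise its values (feeds often
   "defang" indicators such as update-check[.]example or hxxp://...).
2. Forensics side: match those IOCs against collected evidence (a process
   list and a DNS log) to find which host/process is actually involved.
3. Enrichment: everything the matched process touched that is not already
   in the feed becomes a candidate indicator to send back to the TI side.

All data in this file is constructed for the example; none of it is a real IoC.
"""
import hashlib
import re

# Constructed "dropper" bytes; its hash stands in for a real malware hash.
DROPPER_BYTES = b"constructed dropper sample for the example"
DROPPER_SHA256 = hashlib.sha256(DROPPER_BYTES).hexdigest()

# --- Threat-intelligence side: constructed IOC feed (assumed CSV layout) -----
IOC_FEED_CSV = (
    "type,value,campaign\n"
    "domain,update-check[.]example,CAMPAIGN-A\n"
    "ipv4,203.0.113.45,CAMPAIGN-A\n"
    f"sha256,{DROPPER_SHA256.upper()},CAMPAIGN-A\n"  # upper-case on purpose
)


def refang(value: str) -> str:
    """Undo common defanging and case so feed values compare equal to evidence."""
    value = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), value)


def parse_ioc_feed(csv_text: str) -> dict:
    """Return {normalised indicator value: (type, campaign)}."""
    iocs = {}
    for line in csv_text.strip().splitlines()[1:]:  # skip the header row
        ioc_type, value, campaign = [f.strip() for f in line.split(",")]
        iocs[refang(value)] = (ioc_type, campaign)
    return iocs


# --- Forensics side: constructed evidence -----------------------------------
PROCESSES = [  # host, pid, image name, sha256 of the image on disk
    {"host": "ws-17", "pid": 4120, "image": "svchost_update.exe", "sha256": DROPPER_SHA256},
    {"host": "ws-17", "pid": 812, "image": "explorer.exe",
     "sha256": hashlib.sha256(b"benign explorer").hexdigest()},
    {"host": "ws-22", "pid": 990, "image": "outlook.exe",
     "sha256": hashlib.sha256(b"benign outlook").hexdigest()},
]
DNS_LOG = [  # assumed key=value line format
    "2024-03-01T10:00:01Z host=ws-17 pid=4120 query=update-check.example answer=203.0.113.45",
    "2024-03-01T10:00:02Z host=ws-17 pid=4120 query=cdn-metrics.example answer=198.51.100.9",
    "2024-03-01T10:00:05Z host=ws-22 pid=990 query=mail.example.com answer=192.0.2.10",
]
DNS_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) query=(?P<query>\S+) answer=(?P<answer>\S+)"
)


def match_evidence(iocs: dict, processes: list, dns_log: list) -> list:
    """Return one hit per (evidence item, matching IOC); hits define the scope."""
    hits = []
    for p in processes:
        digest = p["sha256"].lower()
        if digest in iocs:
            ioc_type, campaign = iocs[digest]
            hits.append({"source": "process", "host": p["host"], "pid": p["pid"],
                         "indicator": digest, "type": ioc_type, "campaign": campaign})
    for line in dns_log:
        m = DNS_RE.match(line)
        if not m:
            continue  # unparseable line: leave it for manual review, do not crash
        for candidate in (m["query"], m["answer"]):
            value = candidate.lower()
            if value in iocs:
                ioc_type, campaign = iocs[value]
                hits.append({"source": "dns", "host": m["host"], "pid": int(m["pid"]),
                             "indicator": value, "type": ioc_type, "campaign": campaign})
    return hits


def derive_new_indicators(iocs: dict, hits: list, processes: list, dns_log: list) -> list:
    """Artifacts of in-scope processes that the feed does not know yet."""
    scope = {(h["host"], h["pid"]) for h in hits}
    candidates = set()
    for p in processes:
        if (p["host"], p["pid"]) in scope:
            candidates.add(("sha256", p["sha256"].lower()))
    for line in dns_log:
        m = DNS_RE.match(line)
        if m and (m["host"], int(m["pid"])) in scope:
            candidates.add(("domain", m["query"].lower()))
            candidates.add(("ipv4", m["answer"].lower()))
    return sorted(c for c in candidates if c[1] not in iocs)


if __name__ == "__main__":
    feed = parse_ioc_feed(IOC_FEED_CSV)
    found = match_evidence(feed, PROCESSES, DNS_LOG)
    for h in found:
        print(f"[{h['campaign']}] {h['source']} on {h['host']} pid {h['pid']}: {h['indicator']}")
    print("candidate indicators for TI:", derive_new_indicators(feed, found, PROCESSES, DNS_LOG))
```

The scope set is the practical payoff: three IOC matches collapse the evidence to a single host and process, so the memory and disk analysis can start there instead of across every workstation, and the second DNS query made by that process is exactly the kind of indicator the forensic side hands back to refine the feed.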
SOCRadar Digital Risk Protection Platform: This is a digital risk protection platform that helps organizations to discover, monitor, and defend their digital assets from cyber threats. It provides continuous visibility into an organization’s attack surface, threat landscape, and brand reputation. It also offers threat intelligence feeds, automated response actions, and incident management features.
IBM Security X-Force: This is a threat intelligence service that provides access to a global network of security experts, researchers, analysts, and tools. It delivers curated threat data, analysis, reports, and recommendations that help organizations to understand and respond to the evolving threat environment. It also offers threat hunting, incident response, and threat management services.
CrowdStrike Falcon X: This is a threat intelligence platform that integrates with the CrowdStrike Falcon endpoint protection platform to provide automated threat analysis and response. It leverages the CrowdStrike Threat Graph to deliver contextualized intelligence on adversaries’ tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and indicators of attack (IOAs). It also enables security teams to create custom indicators and rules for detection and prevention.
Recorded Future Intelligence Cloud: This is a cloud-based threat intelligence platform that leverages artificial intelligence and machine learning to collect, analyze, and deliver real-time intelligence on cyber threats, geopolitical events, and financial markets. It provides actionable insights, alerts, reports, and dashboards that help organizations to reduce risk, improve decision making, and enhance security operations.
IntSights External Threat Protection Suite: This is a threat intelligence platform that provides comprehensive protection against external threats, such as phishing, data leakage, brand impersonation, credential theft, and dark web exposure. It monitors the surface web, deep web, dark web, social media, mobile apps, and other sources to detect and mitigate threats targeting an organization’s digital footprint.
Magnet Forensics: This is a digital forensics software company that offers a suite of products for different types of investigations. Magnet AXIOM is a comprehensive solution for computer, mobile, cloud, and IoT forensics. Magnet OUTRIDER is a triage tool for quickly scanning devices for potential evidence. Magnet AUTOMATE is a workflow automation tool for scaling digital forensics operations.
OpenText EnCase Forensic: This is a digital forensics software that enables investigators to acquire, analyze, and report on digital evidence from various sources. It supports over 26 thousand types of devices and file systems. It also offers advanced features such as encryption detection and decryption, deleted file recovery, keyword search, hash analysis, and timeline analysis.
Cellebrite UFED: This is a mobile forensics software that allows investigators to extract and analyze data from smartphones, tablets, GPS devices, drones, IoT devices, and other sources. It supports over 35 thousand device profiles and 100 apps. It also offers features such as cloud extraction, app downgrade, and physical extraction.
Volatility: This is an open source memory forensics framework that allows investigators to analyze memory dumps from various operating systems. It supports Windows XP through Windows 10 (32/64 bit), Linux kernels 2.6+, Mac OS X 10.5+, Android 4+, iOS 7+, etc. It also offers plugins for malware analysis.
Wireshark: This is an open source network analysis tool that allows investigators to capture and inspect network traffic in real time or from saved files. It supports hundreds of protocols and can filter packets based on various criteria. It also offers features such as decryption support.
X-Ways Forensics: This is a digital forensics software that offers a powerful and efficient way to examine and recover data from various sources. It supports FAT, NTFS, Ext, ReFS, HFS+, and other file systems. It also offers features such as deleted file recovery, file carving, hashing, encryption detection, and registry analysis.
Autopsy: This is an open source digital forensics platform that allows investigators to perform various types of analysis on disk images, smartphones, and other sources. It supports Windows, Linux, and Mac OS X operating systems. It also offers features such as timeline analysis, keyword search, hash analysis, and web artifacts.
FTK: This is a digital forensics software that enables investigators to process and analyze large volumes of data from various sources. It supports over 500 types of devices and file systems. It also offers features such as email analysis, password cracking, and malware analysis.