Cyber Threat Intelligence

Accurate cyber threat intelligence that is complete, actionable and easy to consume in a meaningful way, can be critical to an organisation making informed decisions prior to, during or post a cyber incident or increasingly as part of corporate transaction activity in a due diligence setting. 

We help our clients by offering them on-demand access to real-time and actionable cyber threat intelligence via a Request for Intelligence (RFI), that we curate based on global trends and insights, public and private deep and dark web information sources, and from our own extensive NSB Cyber threat database containing Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) that we have compiled over many years through our handling of hundreds of incidents. 

We offer our CTI services “on-demand” in the moment they are needed, ordinarily in conjunction with either our DFIR services or separately as a Cyber Due Diligence service, and also as part of our Cyber Defence Managed Services.

Most modern cyber-attacks, such as Ransomware, present the victim with an opportunity to engage with the threat actor who is responsible for the attack, generally via a dark web chat function. This situation, if handled professionally, can be an important part of the overall incident response and investigation activities, and may also prove to be a valuable source of intelligence gathering for the victim organisation.

We help our clients by offering them immediate access to our experienced, professional threat actor engagement team that can negotiate, gather information and report on findings as part of the overall incident response and investigation activities. Outcomes of such services may be confirmation of how an attack was conducted, details of information that has been stolen, and validation of the length of time an IT environment was compromised prior to an attack being executed.

Our Cyber Threat Actor (CTA) Engagement services are backed by our deep expertise in Cyber Threat Intelligence and Cyber Incident Response. Download our NSB CTA Framework for more information.

Internal continuous detection and monitoring of IT environments is a key component to building true cyber resilience, bolstering an organisation’s ability to respond to and recover from potential or actual cyber incidents. So what about information sources that are external to an IT environment, which are equally as important in providing early indicators of compromise?  

The early consumption of actionable CTI indicators that are revealed every day on deep and dark web information sources, has also become an imperative component to building true cyber resilience. 

We help our clients by establishing real time, 24/7/365 deep and dark web cyber threat intelligence monitoring so that they can consume actionable, early indicators of threats to their business, their employees, their customers and their third parties.  

We offer our CTI Monitoring Services as a proactive managed service called ‘Threat View’, or ‘on incident’ as part of our DFIR services, and also as a post incident service as part of remediation activities. Our CTI monitoring can be consumed for a short time or over an extended period, and our approach to integrating with our clients is simple to understand and flexible to consume.