Threat Intelligence
Threat Intelligence is an important part of our services. It provides essential information about possible threats and malware. Our specialists work closely with the T-SOC and T-CERT to use this information to protect your organization as effectively as possible against existing and emerging threats.
The added value of Threat Intelligence
An important aspect of cybersecurity is turning data into information. Using smart, advanced solutions, our threat intelligence specialists analyze large volumes of data. This data, for example, provides insight into attack patterns, reveals possible vulnerabilities of organizations, supports malware analysis and helps to identify how cybercriminals work.
This valuable information is then used, among other things, to refine detection models and to enrich honeypots. For example, our threat intelligence specialists work closely with our T-SOC and T-CERT to keep your organization safe with this information.
Types of threat intelligence
OSINT
OSINT (Open Source Intelligence) uses many thousands of public sources that we search automatically.
Detection based
In cooperation with the T-SOC, we analyse and enrich the information from existing detections. This also applies to threat information or information about vulnerabilities that emerges during a CERT case. This information is also used to enrich our MDR platform with relevant information.
Non-public sources
We work with various parties that share information with us about, for example, critical vulnerabilities, malware and other threat information. We process and enrich this information so that our T-SOC and T-CERT have the latest information to protect our customers.
Threat hunting
Our experts proactively search for patterns and indicators of attacks, such as suspicious data transfers, unauthorized network connections, or abnormal user behavior.
We do this in various ways:
- Detection-based. Our research starts from a specific detection or behavioral pattern that has caught our attention. This can be initiated, for example, by a detection from the MDR platform.
- Attach chain. In this approach, the analyst uses the MITRE ATT&CK framework to identify behavior related to different phases of the attack chain. By using tactics and techniques from this framework, you can search for the threats in a targeted manner.
- Internal investigation. This approach focuses on specific areas of concern within an organization. Our analysts examine departments, users, or systems and analyze their activities to identify potential threats..
- Emerging threats. This approach focuses on identifying and analyzing new and emerging threats and their unique behavioral characteristics. By continuously monitoring for new attack techniques and malware patterns, we can proactively respond to threats before they spread widely.
I want to know more about threat intelligence
Threat intelligence turns data into information. Wondering how we can help your organization? Then get in touch, our experts will be happy to help you.
Trusted by leading organizations in the Netherlands
Nice to meet you, we are Tesorion
Tesorion is a Dutch multidisciplinary cybersecurity company that offers continuous monitoring and detection of cyber threats as well as incident response. With over 100 experts, we do everything we can to protect your organization 24/7 against cyber attacks and data leaks.
