Hyas Blog | The Value of Unique Data for Threat Intel

Let’s face it – researching an existing threat or fraud case is not an easy or straightforward task. Bad actors and criminals are getting better at obfuscating their attack infrastructure and overall techniques. There is no magic process guide of the form “do X and then Y and then Z” that delivers the key insights when trying to answer the three basic questions:

  1. What happened?
  2. How did it happen?
  3. What will happen next?

Answering the last of these, what’s going to happen next, is getting increasingly difficult. Anyone who tells you that their solution will “give you the answer” is quite honestly lying, except for the simplest of problems. In reality, researching a complex case and getting the answers to the above questions will most likely require specialized data and insights from a variety of tools and solutions. Utilizing the output from one as the input into another (or having well-built integrations), and combining the various data points, is how modern-day cyber security analysts and researchers need to function, whether it’s for incident response, fraud analysis, or proactive threat research.

This is why solutions that provide unique data are not just helpful but necessary tools in the overall arsenal. You can get the usual data and insights from a variety of common tools, but increasingly that data isn’t going to provide the “Aha!” moment that you need.

Several years ago, the well-known investigative reporter Brian Krebs wrote about a particularly interesting case in France that was discovered with specific data gleaned from DNS data sources and a dynamic DNS provider. The actor was named the Kasbah hacker, and the insights into what happened and who was behind it ultimately drew on several data sources, but would never have been possible without the unique initial DNS-based insights.

In another example, a global organization was being defrauded of almost one million dollars a day, and they were struggling to understand not just how it was happening but how to stop it, who was behind it, and ultimately how they could potentially recover funds. Sure, they could track IP addresses, but through the use of VPNs, Tor, and other mechanisms, it’s ridiculously easy today to mask one’s true physical location. Nevertheless, this story ends on a happy note – by accessing and studying unique and bespoke IP and GPS data, this organization was not only able to understand how the fraud was occurring and stop it, but also to provide enough information to Interpol to have the criminals arrested.

All of this is why HYAS exists. As a smaller company in cyber security, one needs a primary focus – and the focus of HYAS has always been to provide unique insights, intelligence, and answers from unique, bespoke infrastructure and IOC intelligence. 

HYAS is the expert in “VRA”:

  • Verdicts – what’s nefarious or malicious and what’s not, right now, because the answer does and will change 
  • Related Infrastructure and IOCs – typically a researcher only has one data point, or one jigsaw puzzle piece, and HYAS, with its proprietary graph database underpinning the HYAS Adversary Infrastructure Platform, makes it simple and straightforward to utilize one piece of intelligence to reveal multiple others; each one opens up additional paths of investigation and helps complete the overall puzzle
  • Actor Attribution – where the attack came from ultimately helps pinpoint what to do about it and who might be behind it; this intelligence is needed whether you’re trying to update your global threat matrix, get proactive against the criminals that are wanting to attack you, or involve law enforcement.

It’s clear that HYAS may not provide “all” the data you need. HYAS doesn’t today include any dark web data – there are multiple other companies and solutions that specialize there. Similarly, HYAS does not provide specific cryptocurrency data – again, there are multiple other solutions you can use to deep dive in those areas. But these solutions, and potentially others, when combined with the unique infrastructure intelligence provided by HYAS, help build a complete picture that ultimately allows you to answer the key questions that we originally started out with.

There is always a need to balance privacy and security, and we take privacy very seriously, from being GDPR compliant to compliance with other privacy frameworks and even having an ethics committee to determine who we will, and won’t, allow to utilize our solutions. Nevertheless, in a fully GDPR-compliant manner, HYAS’ mission is to provide unique intelligence, via unique data sets, to analysts, researchers, and other stakeholders who are desperate to answer the three initial questions and close cases. One credit union, in fact, determined that the utilization of unique data from HYAS sped up their investigation by a factor of three or more.

The attackers and criminals are getting smarter and adapting their tactics and techniques. Without unique and specialized data, you’re on the wrong end of a losing proposition. Jay Baer famously said “We are surrounded by data, but starved for insights” and, similarly, John Naisbitt commented “We are drowning in information but starved for knowledge.” HYAS data can be the difference between data overload and that Aha! moment that leads to true insights and knowledge. Isn’t it time that you looked into how bespoke, unique data can help your organization? When combined with your other toolsets and intelligence, it can provide the answers you need to close cases and drive true, proactive knowledge.