Group-IB is an official partner of INTERPOL, Europol and local law enforcement agencies.
With 15-plus years of experience and highly qualified experts, Group-IB
leverages its own infrastructure and proprietary external threat hunting
system. Collecting a large array of real-time data, the platform uses patented
algorithms and machine learning for rapid data correlation.

Every data
item Group-IB collects is from its own intelligence collection feed. The
company believes collection is its top advantage over competitors. Group-IB’s data
collection and research efforts assert that most threats targeting the
financial sector come from Russian-speaking criminals, the company’s particular
area of expertise. Tools on the backend are designed for investigating Advanced
Persistent Threats and the company has a Threat Intelligence Team responsible
for hunting any existing patterns.

Group-IB
has investigated financially motivated cybercriminals for 16 years. This
quality research from open sourced domains and advanced threat actors is its
advantage against competitors as it is not easily duplicated.

Compromised
Data shows elements such as the source, threat actor, domain and money mules.
Here, analysts can see how effective certain phishing pages have been at
compromising organizations and what a page looked like at the time of
detection. Banks can easily use this information to mitigate fraud losses and
identify other compromises. Group-IB tracks different banking trojans to obtain
malware samples that are then executed in the Sandbox environment.

Group-IB’s
Sandbox is designed to emulate a financial institution workspace. It estimates
the percentage of a file that is malicious and feeds back a video capture of
how a file behaved in the Sandbox. Analysts also receive a summary of the behavior
capabilities a file is believed to possess as well as a process tree for
visibility into how it operates.

The newly
added Attacks feature contains a clean graph of all intersections from one
element to the original phishing page’s other domains, IP addresses, SSL certs,
emails, phone numbers and files. Analysts can use that information to determine
if an attack is targeted, and/or if that phishing page is targeting other
financial institutions and organizations.

Human
Intelligence includes proprietary information written about different threats
targeting organizations around the world and serves as a strong driver of
Group-IB’s reputation and the research it turns out. The feature regularly
updates written reports about a variety of threat groups.

The
recently added Advanced Threats makes it easier for analysts to consume the
wealth of information proffered. It offers a high-level overview of groups using
cards with descriptions, timelines of criminal campaigns from inception to present
day and activity mapped to the cyber kill chain for more accurate
reconnaissance planning. Red Teams can use this capability to test out
different tools and techniques to determine if Blue Teams are prepared for such
attacks.

Using Tailored
Reports, analysts can write reports on specific organizations. Some are
dispatched reports, sent monthly/quarterly/annually to summarize changes to the
cyber threat landscape. The reports not only include changes to threats that occurred
during the time period but also predictions.

Starting price is
$100,000 - $300,000. Phone, email, and website support are included and feature
a knowledgebase.

Tested by: Matthew Hreben
Product title
Group-IB Threat Intelligence
Product info
Vendor: Group-IB
Contact: www.group-ib.com
Product: Group-IB Threat Intelligence
Price: $100,000-$300,000
Strength
Group-IB has investigated financially motivated cybercriminals for 16 years, producing quality research from open sourced domains and advanced threat actors that gives it an advantage over competitors.
Weakness
None that we found.
Verdict
Using highly qualified experts and drawing on extensive research into financially motivated cybercriminals, Group-IB leverages its own infrastructure and proprietary external threat hunting system.