Cyber Threat Intelligence Services

Gain essential insight into how a threat actor may target your organisation with Rootshell Security’s continuous Cyber Threat Intelligence services. Implement fast, efficient, data-driven security strategy to fortify your security posture.

Let us Gather Actionable Intelligence for You
CTI Triangle Icon
Rootshell Accreditations Banner

What is Cyber Threat Intelligence?

Cyber threat intelligence (CTI) enables your organisation to understand the potential threats and threat actors looking to perform malicious activities against your brand, employees, and customers.

Rootshell Security’s Cyber Threat Intelligence service arms you with the most relevant insights for identifying, mitigating, and preventing cyber attacks. We deliver this as a continuous service by providing you with monthly actionable reports.

Why is cyber threat intelligence important?

Your security strategy is only as strong as your cyber threat intelligence. Conducting cyber threat intelligence services will provide your organisation with a number of critical advantages.

View your threat intelligence alongside your other threat services

Prism Platform is a vendor-agnostic vulnerability management solution that puts you at the centre of your IT security ecosystem. Consolidate assessment results, accelerate remediation from start to finish, and gain real-time insight into your ever-changing threat landscape.

Request Your Demo
Prism Platform Preview Image

What are the types of threat intelligence?

Our Cyber Threat Intelligence services utilise a range of important data sources. This includes the following types of cyber threat intelligence: Email Harvesting, Typo-Squatting, IP/Domain Blacklisting, and Compromised Account Harvesting.

Email Harvesting

Using public data sources, such as social media accounts, leaked email lists, or simply guessing, threat actors attempt to harvest your organisation’s email addresses for the purposes of launching email phishing campaigns.

We can use advanced open source intelligence (OSINT) techniques to establish how a threat actor could obtain your personnel’s email addresses, so you can gain visibility and mitigate your risk of compromise.


  • Thorough investigation spanning the surface, deep, and dark web
  • Harvesting using manual and automated OSINT techniques
  • Expert analysis and validation


Threat actors can register rogue domains that appear similar to those of genuine organisations. This is known as ‘typo-squatting’ and is used to launch a range of attacks, including phishing campaigns.


  • Cracks down on the registration of suspicious domains.
  • Continuous service offering greater awareness of attack indicators using early warnings and predictions of potential attacks
  • Investigates possible permutations of your domain that have been registered with ‘A’ records (IP addresses) and ‘MX records’ (mail addresses)

Domain Blacklisting

If your organisation’s internet infrastructure appears on bad-reputation lists, also known as ‘blacklists’, this could indicate infected or compromised corporate endpoints.


  • Regular analysis of a wide range of reputation lists
  • Leverages automation to quickly search and identify blacklist entries from hundreds of information sources
  • Rapid alerting when any nominated IP/Domains appear on our monitored blacklists

Compromised Accounts Harvesting

Usernames and passwords are regularly leaked on the web without users knowing. Threat actors can use these credentials to access your employees’ accounts, which could threaten your organisation. Our Cyber Threat Intelligence service continuously alerts you to compromised account credentials, so you can take action.


  • Regular analysis of a wide range of username and password lists
  • Leverages automation to quickly search and identify compromised accounts from multiple lists containing millions of username and password combinations
  • Rapid alerting when any nominated credential appears on our monitored lists