Cyber Threat Intelligence

Offered as part of a Prism Continuous testing programme, Rootshell Security’s Cyber Threat Intelligence (CTI) service is designed to help your organisation identify, mitigate and prevent potential cyber threats and attacks.

CTI services include typo-squatting, IP / domain blacklisting, and compromised accounts harvesting.

Typo-Squatting

Rogue typo-squatted domains can have mailing capabilities and websites which can be used in watering-hole and drive-by download attacks, or in phishing campaigns against company employees or clients.

Key Features of our Typo-Squatting Detection Service:

  • Identify registrations of suspicious domains which indicate that a threat source is registering domains similar to that of your website, helping you to protect your organisation
  • Continuous domain searching service offering greater awareness of attack indicators through early warnings that support prediction of, and preparation for, potential domain-spoofing attacks
  • Updates on investigations into possible permutations of your domain name which have been registered with ‘A’ records (IP addresses) and ‘MX’ records (mail addresses) for the domain

Proactive Intelligence

Limit the window of attack for threat actors to target your organisation; protecting your brand, employees and clients.

Prepare for Potential Attacks

Use early warnings to assist with prediction of, and preparation for, potential domain-spoofing attacks, preventing these from developing into full-blown attacks.

Identify Threat Sources

Identify newly registered potential threat sources within a timely, actionable window.

IP / Domain Blacklisting

Using reactive intelligence, we can identify if your organisation’s internet infrastructure appears on bad-reputation lists (aka ‘blacklists’) associated with malicious behaviour. This may indicate a range of potential concerns, such as infected / compromised corporate endpoints.

Key Features of our IP / Domain Blacklist Detection Service:

  • Regular analysis of a wide array of reputation lists
  • Leverages automation to quickly search and identify blacklist entries from hundreds of information sources
  • Rapid alerting when any nominated IPs / domains appear on our monitored blacklists

Avoid and Reverse Negative Business Impact

Helps to identify the possibility of compromised email services or assets, and reinstate previously blocked communication channels that may impact legitimate business operations.

Mitigate the Spread of Malware

Contain/minimise and mitigate the spread of malware infection to multiple endpoints across the organisation’s enterprise network(s).

Thwart Persistent Attacker Presence

Counter threat actor presence on organisation endpoints and aid any incident response and remediation.

Compromised Accounts Harvesting

Having timely knowledge of any compromised account credentials allows you to take action by disabling the account or changing the password. This also potentially highlights the need for multi-factor authentication.

Key Features of our Compromised Account Detection Service:

  • Regular analysis of a wide array of username and password lists
  • Leverages automation to quickly search and identify compromised accounts from multiple lists containing millions of username and password combinations
  • Rapid alerting when any nominated username and password appear on our monitored lists

Insight that Allows you to Take Action

Having timely knowledge of any compromised account credentials can indicate potential attack vectors, allowing you to take action.

Confidentiality, Integrity and Availability

Allows you to maintain the intended access control model as part of Confidentiality, Integrity and Availability (CIA).

Identifies Internal Training Requirements

Supports training efforts for staff with compromised accounts during the whole account compromise lifecycle, from initial compromise to final use in malicious activities.
