Adversary Intelligence is Intel 471’s set of capabilities that focus on threat actors in the underground or what is typically called the deep and dark web. Our Adversary Intelligence capabilities combine extensive automated collection systems, a field-based intelligence collection and a headquartered-based intelligence analysis component.
Our automated collection systems enable Intel 471 to collect an extensive amount of information from underground forums, marketplaces and chat rooms in a scalable and timely manner. Despite what others may say, running an automated and ongoing collection capability and associated systems against threat actor run communication channels is extremely difficult. Adding to that is the challenges with identifying and maintaining access to the right sources as well as being able to consistently validate that coverage on these sources isn’t missing content whilst threat actors are constantly looking to detect and block this type of collection.
Our field-based intelligence collection function is focused on infiltrating and maintaining access to closed sources where threat actors collaborate, communicate and plan cyberattacks. This includes a globally dispersed team of experienced intelligence operators from nearly every continent on Earth who are primarily former law enforcement, security services and military officers. The team is comprised of native speakers who are experts in tracking, investigating and interacting with cyber threat actors in the region.
Our headquarters-based intelligence analysis function leverages our unique intelligence collection to create finished intelligence products that easily can be consumed by different areas and functions within an organization.
Our Adversary Intelligence capabilities are available through our Threat Intelligence offerings.
Deliverables within Adversary Intelligence include
Extensive automated forum/marketplace/chat room collection
Situation Reports (SITREPs)
Requests for Information (RFIs)
Keyword, actor or issue-based alerting