Threat Intelligence provides timely information about breaches that are visible to external observers. The data comes in various formats and from multiple sources, and it is pre-filtered into the information about victims, vulnerabilities, and threat intelligence indicators that organizations need to remedy breaches quickly and effectively.
The notifications help to identify incidents that have passed through the current security measures of the internet-facing assets. Combined with vulnerability notifications, they also help customers systematically improve their security processes to fix the weaknesses that allow incidents to happen.
Simply put, it helps to understand whether machines in the network are secretly communicating with unauthorized personnel outside the network, or whether a service of the organization that was supposed to be exposed has a vulnerability that allows it to be exploited remotely.
This is assessed by matching IPs against known compromised or vulnerable systems. Monitoring is based on external data sources on breaches and does not rely on information that is only available to the customer internally.
The outcome either indicates that the network is secured, with no external communication, or exposes the vulnerable services, indicating the systems' exposure level. These systems may be abandoned, misconfigured, or otherwise vulnerable. Vulnerable systems can be used for data theft, denial-of-service attacks, and other criminal activities. Either way, the outcome gives a proactive means of managing security.