Threat Intelligence Research

The Benefits of Specialization in Threat Intelligence Research

Keeping Perspective

Broadly speaking, a threat is a potential negative action or event that impacts a network or system. In cybersecurity, the term refers to intentional events, like hacking. A threat actor is an individual or group that performs a negative action. 

In the cybersecurity industry, threat intelligence research can provide some benefits to companies. It can drive organizations to create defensive policies and create systems that are predictive, not just reactive. 

Working towards early threat detection and identifying effective procedures to rectify problems are two goals within threat intelligence. 

Many aspects of threat intelligence relate to how researchers can go about gathering various types of information about possible threats–ideally before they happen. Research efforts typically focus on broad PII (personally identifiable information) categories from deep and dark web data. The information includes a diversity of data, from server traffic to exposed passwords. By analyzing this data, threat researchers work to discover who is attacking, what their M.O. is, and how you would even realize you’d been compromised. 

However, there is often a massive surplus of data, and it takes threat researchers to figure out what is useful, and how. In effect, broad PII research tactics miss what focused queries in breach exposure data and compromised credentials can provide. 

Identifying the Problem 

The 2020 Verizon DBIR report showed that 80% of breaches were related to compromised credentials, indicating a great need for attention on password research. Therefore, developing focused threat intelligence information on compromised credentials is a more efficient way to enhance security for an enterprise.

Most threat research will focus on the large, high-profile breaches, but miss many of the smaller exposures. Attackers, however, exploit credentials from smaller breaches all the time. They know they are picked up less often and are thus less likely to be detected by a cybersecurity service.  

Smaller-scale companies are often targeted by threat actors because they may be using outdated software, due to a lack of resources for robust security practices. Software with weak or nonexistent password hashing makes yielding the plaintext passwords easier. Additionally, with the ever-concerning issue of password reuse, if an employee has used the same or a similar password elsewhere, other accounts and networks can be compromised, not just the targeted one. Therefore, even the smallest breaches are still dangerous. 

From General to Specific

Generally speaking, threat researchers try to consider all types of threats and think about both why and how bad actors might want to launch attacks. The element of human psychology is important, as researches elucidate what people want and how they could get it. With this in mind, there is a lot of threat intelligence data that is not particularly actionable. For instance, just because a user’s username was compromised may not mean there is an active problem.  

However, Enzoic’s research is related to actual passwords and credentials. When these are exposed, there is an immediate problem that needs to be resolved, and threat intelligence providers want immediate action. 

Focused manual efforts towards compromised credentials can close vulnerabilities, but sometimes the scale is too massive, and sometimes it’s too late. Fortunately, there are other actionable solutions and sophisticated automated efforts that can be applied to accelerate all parts of the process. Password data from threat intelligence can be fully automated, saving companies time and money and improving security. Additionally, an automated system has the benefit of decreasing the delays between periodic audit-based processes and removing vulnerabilities open to threat actors. 

Finding Solutions

As with most cybersecurity quandaries, the best solution involves both automation and a human touch. We need real people researching, detecting, and responding to threats before and as they happen, as well as automated systems that can quickly monitor credential use and alert us to breaches and issues. The combination of real-time checking and continuous monitoring is the most efficient at keeping compromised passwords out, and rapidly removing good passwords that become bad. 

Threat research data needs to be cleaned and analyzed–both by hackers and researchers–to be used effectively, which necessitates big-data analytics tools. At Enzoic, we invest in technology and human efforts deeper than most.

Our research is powered by a combination of human and automated intelligence to scour the public Internet, Dark Web and work with private sources to obtain data before it gets more widely distributed. 

We include data from breaches of all sizes–from the headline-making disasters to the more numerous small breaches that present outsized risks to both organizations and individuals–to provide more comprehensive and fully actionable solutions for companies. Our credential and password database is updated multiple times each day so that threats are identified as soon as possible.