Tailored Threat Intelligence | Booz Allen Cyber Security
Tailored Threat Intelligence

Tailored Threat Intelligence

When 97% of malware is only seen on one endpoint and 100,000 IP’s are added to blacklists each day, do you really care about the malicious file hashes and IP’s that other people have seen? As part of the Booz Allen Managed Detection and Response Service, we deliver Tailored Threat Intelligence that focuses on malicious activity happening inside and around your environment in order to deliver more accurate and applicable intelligence to better drive changes in your defensive posture.

"Altamira brings a commercial mindset to solving the most complex national security problems by delivering cyber operations, mission application development, multi-intelligence analysis, and data science technologies and solutions to the defense, intelligence, and homeland security communities. Throughout our journey to provide customers above and beyond capabilities, Booz Allen has been an engaged and solutions-based business partner helping Altamira maintain a compliant and operational security environment. In a complex world, one that is constantly under attack from a cybersecurity standpoint, we trust in Booz Allen to help us achieve success."

Blaze Baker
Corporate Information Technology & Assurance Manager,
Altamira Technologies Corporation

Tailored Threat Intelligence Includes:

Technique detection

Technique detection versus indicators of compromise detection

It is easy to find indicators of compromise (IOC’s) such as the hash of a file and detect anywhere that hash exists.  The same is true for IP addresses.  Because it is so easy, many attempt to base their threat intelligence and detection capabilities on these items.  Unfortunately, hashes and IP’s are also easy for attackers to change.
Technique based detection focuses on detecting not the malware or control channels used by attackers, but the techniques they use.  For example, point of sale malware dumps memory.  By detecting when memory is dumped on a point of sale machine, you can effectively detect all POS malware.
Developing technique based detection capabilities is much harder than looking for IOC’s, but they are also much more effective in the long term.  Because of this, Booz Allen’s Managed Detection and Response Services deliver Tailored Threat Intelligence and technique based detection, not just IOC’s, tied to the attacks you experience.

Real world example of Tailored Threat Intelligence

Real world example of Tailored Threat Intelligence

Booz Allen was introduced to one of its customers when we responded to a breach tied to the theft of their single sign on (SSO) web page.  A hacker was able to recreate their internal SSO page and post it on an external server.  Combining this legitimate looking SSO page with a phishing attack, the attacker was able to harvest numerous credentials from the organization.

For several months this organization played whack-a-mole with this attacker by blocking the domains they used to host the fraudulent SSO page.  This ultimately proved futile as the attacker simply stood up a new domain for each new phishing attack.

After engaging Booz Allen’s Managed Detection and Response Service, we were able to use our Tailored Threat Intelligence and the Booz Allen Defense Platform to create defenses that identified any time the customer’s SSO page came into their environment from the Internet.  Their legitimate SSO page was only served up internally, this because a very effective detection capability that essentially took the SSO + Phishing technique off the table for the attacker.  With this defense in place, the attacker was forced to move on.

In this example, Booz Allen created Tailored Threat Intelligence and detection capabilities that only this customer cared about.  No other company would care if the SSO page in question was served up to them from the internet.  However, for this particular customer, that intelligence and detection capability was very valuable and highly effective.