A proactive approach to Cyber Threat Intelligence

The study of cyber threats

We are committed to providing effective protection against cyber threats to business. This task is handled by a dedicated team: the Stormshield Customer Security Lab. Our Cyber Threat Intelligence team has two main missions: to study cyber threats in order to understand them, and to continuously improve the protection offered by Stormshield products. Both serve the wider goal of contributing to the cybersecurity community's efforts to tackle cyber threats.

Continuously improving our cyber protection

To improve our knowledge of IoCs (Indicators of Compromise), this Cyber Threat Intelligence team draws upon the vast amounts of information provided by our own UTM, EDR and sandboxing solutions, coupled with external data sources. Its constant goal is to improve the security of Stormshield solutions and to give CTI a central role in the eXtended Detection & Response (XDR) approach.

Through our Product Security portal, we also inform our partners and customers about the state of the cyber threat worldwide. Security services made available to all parties include checking whether an IP address appears in our IP reputation databases, finding existing protection for our products (SNS signatures and SES rules) and accessing the list of CVEs detected by our Vulnerability Management module.

A dedicated Threat Intel team

In-depth analysis of the technologies and mechanisms exploited by cyber criminals is part of the daily work of our Cyber Threat Intelligence team: the Stormshield Customer Security Lab.

Do you have a question to ask or an incident to report? The members of our Cyber Threat Intelligence team are waiting to hear from you.

Cyber-situations vacant. New profiles are being added regularly to our Cyber Threat Intelligence team. Cyber experts, dedicated consultants and other profiles of all kinds: are you looking for a new adventure in cybersecurity? Take a look at our current vacancies and send in your application.

Security alerts and technical papers

Our Cyber Threat Intelligence team also pays careful attention to the technical approach to cybersecurity.

Our in-house cybersecurity experts make use of their hands-on coding experience to tackle malware mechanisms and deliver their high-level analysis – sometimes in exclusive scoops. Technical content for informed readers.

Do you have doubts about a file?

Not sure you trust that last e-mail you received? And the accompanying attachment looks even more suspicious? Enjoy cyber peace of mind with Breach Fighter – a research tool that uses a freely accessible portal to detect possible malicious behaviour. This malware detection service forms an integral part of our Breach Fighter sandboxing solution. The solution is based on behavioural analysis from our Stormshield Endpoint Security product and research from our Security Intelligence team. Breach Fighter can analyse and detect malicious behaviour in e-mails containing attachments and in file types such as Microsoft Office, PDF, JAR and Java files, scripts (PowerShell, JScript, etc.), Windows executable files, and even archives (ZIP, RAR, 7-Zip, etc.).

What is CTI?

CTI is the activity of gathering information to identify trends in cyber threats and provide actionable intelligence. Cyber Threat Intelligence can take several forms.

  1. Strategic CTI: a high-level overview of the threat landscape, covering geographical, political and commercial aspects for non-technical decision-makers.
  2. Tactical CTI: a focus on the approaches, methods and tools used by cyber-attacker groups.
  3. Operational CTI: a real-time approach to new software, attack methods and cyber threat actors.
  4. Technical CTI: an in-depth analysis of the technical characteristics of vulnerabilities, malware and attack methods for SOCs and other response teams.

What is an IoC?

An IoC is a technical artefact resulting from a security incident. This Indicator of Compromise can take several forms: file signatures (file hash, malware hash), URLs, domains, DNS records, malicious IPs, registry keys, etc. These indicators, or cyber intelligence, are used for threat detection, analysis and research (Threat Hunting) and event contextualisation (to attribute cyber attacks, for example).

In practice, the term IoC generally also encompasses IoA (Indicator of Attack). These indicators relate to cyber attacks in progress and are used in security solutions to detect and block attacks in real time.

The necessary lifespan of IoCs. The cyber threat keeps evolving; given the risks of false positives and of overloading IoC databases, it is the lifecycle of these markers that keeps Detection & Response solutions effective. An IoC therefore has a discovery date, a current status and a validity date.
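As an added illustration (not Stormshield's code; the status names, event fields and sample values are assumptions), a small Python model of the lifecycle described above: only markers that are active and still within their validity date are matched against events, and markers past their validity date are retired rather than left to fire.

```python
from dataclasses import dataclass, replace
from datetime import date

@dataclass(frozen=True)
class Ioc:
    kind: str           # ip, domain, sha256, url, registry_key (forms listed on the page)
    value: str
    discovered: date    # discovery date
    status: str         # current status: "active", "retired" or "false_positive" (names assumed)
    valid_until: date   # validity date; after this day the marker is no longer trusted

def is_active(ioc: Ioc, today: date) -> bool:
    """Only markers whose status is active and whose validity date has not passed may fire."""
    return ioc.status == "active" and today <= ioc.valid_until

def match_events(iocs, events, today):
    """Return (event index, Ioc) pairs for events that touch an active indicator.
    Events are constructed dicts; the fields checked are src_ip, domain and sha256."""
    active = {(i.kind, i.value.lower()): i for i in iocs if is_active(i, today)}
    hits = []
    for n, ev in enumerate(events):
        for kind, field in (("ip", "src_ip"), ("domain", "domain"), ("sha256", "sha256")):
            key = (kind, str(ev.get(field, "")).lower())
            if key[1] and key in active:
                hits.append((n, active[key]))
    return hits

def expire(iocs, today):
    """Lifecycle step: retire active markers past their validity date instead of deleting them,
    so the discovery history is kept but stale values stop producing detections."""
    return [replace(i, status="retired") if i.status == "active" and today > i.valid_until else i
            for i in iocs]

# Constructed sample feed (RFC 5737 addresses and example names, not real indicators).
SAMPLE_IOCS = [
    Ioc("ip", "203.0.113.5", date(2024, 1, 10), "active", date(2024, 4, 10)),
    Ioc("domain", "Update.Example.net", date(2024, 2, 1), "active", date(2024, 8, 1)),
    Ioc("sha256", "a" * 64, date(2023, 6, 1), "false_positive", date(2024, 6, 1)),
]
SAMPLE_EVENTS = [  # constructed log events
    {"src_ip": "203.0.113.5", "domain": "cdn.example.org"},
    {"src_ip": "198.51.100.7", "domain": "update.example.net"},
    {"src_ip": "198.51.100.8", "sha256": "a" * 64},
]

def demo(today_iso: str):
    """Run the lifecycle step and the matcher for one day; returns (event index, kind, value) tuples."""
    today = date.fromisoformat(today_iso)
    return [(n, i.kind, i.value) for n, i in match_events(expire(SAMPLE_IOCS, today), SAMPLE_EVENTS, today)]

if __name__ == "__main__":
    for hit in demo("2024-05-01"):
        print("hit:", hit)  # the expired IP and the false-positive hash no longer fire
```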