
Empowering informed, efficient cyber defense has always been the core of TacitRed’s mission, so we are excited to release our largest update to date, and our biggest step forward in that mission: our completely revamped Threat Intelligence.

Action Oriented Finding Summaries

Determine your next action for any given finding with our intuitive summaries, which include key detection details such as the affected IP address or credential.

(see image below for representative examples)

More Threat Finding Types

Find and focus on the threats that matter most to your organization with the increased specificity of key TacitRed Threat Findings!

Persistent Threat Findings have been enriched* to indicate the specific type of threat presented by the finding:
(*Based on the port numbers involved in the connection)

  • Remote Access - e.g. SSH (port 22)
  • Exfiltration - e.g. FTP (port 20/21)
  • Spam/Phishing - e.g. SMTP (port 25)
  • Database Access - e.g. SQL-NET (port 150)
  • Management Service Access - e.g. SNMP (port 161)
  • Hostile Routing Attack - e.g. RAP (port 38)
  • Suspicious Communication - for all other connections for which we have not mapped a specific threat type.

Compromised Credentials and Session Findings are now broken apart to better represent the relationship between the compromised credential/session and the domain where it is compromised:

  • Compromised Internal Credential/Session - when Monitored Entity credentials/sessions are compromised on Monitored Entity domains/assets
  • Compromised External Credential/Session - when Monitored Entity credentials/sessions are compromised on external domains/assets
  • Compromised Customer Credential/Session - when 3rd Party credentials/sessions are compromised on Monitored Entity domains/assets
  • Other Compromised Credential/Session - for all other compromised credentials/sessions (e.g. when the credential, session, and/or domain is unknown)

Updated Severity Ratings

Prioritize your response and investigation with the updated initial severity ratings for our Threat Findings, which more accurately represent the risk that each finding presents.


Note: Reconnaissance findings are being re-worked so that we can provide you with more actionable intelligence. Stay tuned!

Improved Searchability of Findings

Find the answers to nearly any question that comes to mind with improved search capabilities:

  • Is 192.168.0.1 involved in any finding? Search for: 192.168.0.1
  • Is user@example.com compromised? Search for: user@example.com
  • Did we have any credentials compromised on example.com? Search for: example.com
  • Do I have any FindingType? Search for: FindingType
    • Note: for findings derived from the legacy “Persistent Threat” finding type, search for: hostile

Detailed Specific Intelligence

Jumpstart your investigations with immediate access to the observations and detection details for each specific finding.

 
We are thrilled to have you on this journey with us and truly appreciate your continued support!

And if you haven’t joined us yet, sign up for a Free Trial of TacitRed HERE, or get a full Product Tour HERE.

 
