Challenge
After a year with FS Group’s IRT services, the company identified a new need. Their in-house cybersecurity department required a solution to handle highly sensitive security investigations.
Before outsourcing investigations to FS Group, the cybersecurity department relied on disconnected services to monitor threats and investigate incidents. This fragmented approach failed to provide unified, actionable intelligence and hindered effective threat identification and response.
Faced with the need for robust internal investigations, the client sought a threat intelligence platform to:
- Monitor cyber threats in real-time
- Investigate potential data compromises swiftly
- Track the company’s digital asset reputation comprehensively
To select the right tools, they turned to FS Group, their trusted partner.
Modules used by cybersecurity analyst
To address the client’s specific needs for real-time threat monitoring and swift investigation of potential data compromises, the following modules were implemented:
- DeepRadium
- DeepCobalt
DeepRadium alerts the client cybersecurity team about the most serious cyber threats and makes patch management more timely and effective. The module provides a critical feed alerting the client’s team to the most severe known exploited CVEs (Common Vulnerabilities and Exposures). This serves as a big red emergency button for the client’s Patch Management tool.
Platform analysts provide reports on the CVEs and 0 days being actively exploited by nation-states and APTs (advanced persistent threat).
DeepCobalt monitors over 50 DarkNet forums, instantly alerting when it detects the client’s account credentials in sold databases.
DeepCobalt module dashboard
Modules used by corporate security analyst
- DeepInk
- CrossLink
During implementation, the client’s management realized they could use Platform Blue for physical and economic security. The DeepInk module enables OSINT investigations of external and internal ecosystem threats by providing access to:
- Individual and organizational data (e.g., names, addresses, contact details, and foundational documents)
- Social media and other online profiles
- The activities and potential interests of individuals or organizations (including behavioral patterns, habits, and possible fraud schemes and methods)
- Location and movement routes
- Financial information
- Connection and communication data with other individuals or organizations
- Other crucial contextual information that may impact security or pose significant ecosystem risks
Here is how DeepInk helps with the client with OSINT investigations:
- Instantly assess any email address for potential risks
- Detect if the email has a presence on the dark web or other suspicious online activities
- Verify if the email belongs to a real person or a bot
CrossLink takes a single attribute like an email, username, or full name and provides the client’s security team with a vast history of that person’s online fingerprint in the deep, Dark Web.
CrossLink search interface
“What really stands out is the depth of information we can access now. For instance, last month, we uncovered a potential data breach attempt by correlating seemingly unrelated events across our global operations ー something we couldn’t have done before in-house. It’s cut down our investigation time significantly.” ー Security Analyst.
