Challenge
After a year with FS Group’s IRT services, the company identified a new need. Their in-house cybersecurity department required a solution to handle highly sensitive security investigations.
Before outsourcing investigations to FS Group, the cybersecurity department relied on disconnected services to monitor threats and investigate incidents. This fragmented approach failed to provide unified, actionable intelligence and hindered effective threat identification and response.
Faced with the need for robust internal investigations, the client sought a threat intelligence platform to:
- Monitor cyber threats in real time
- Investigate potential data compromises swiftly
- Track the company’s digital asset reputation comprehensively
To select the right tools, they turned to FS Group, their trusted partner.
Modules used by the cybersecurity analyst
To address the client’s specific needs for real-time threat monitoring and swift investigation of potential data compromises, the following modules were implemented:
- DeepRadium
- DeepCobalt
DeepRadium alerts the client’s cybersecurity team about the most serious cyber threats and makes patch management more timely and effective. The module provides a critical feed alerting the client’s team to the most severe known exploited CVEs (Common Vulnerabilities and Exposures). This serves as a big red emergency button for the client’s Patch Management tool.
Platform analysts provide reports on the CVEs and zero-days being actively exploited by nation-states and APTs (advanced persistent threats).
DeepCobalt monitors over 50 DarkNet forums, instantly alerting when it detects the client’s account credentials in sold databases.
Modules used by the corporate security analyst
- DeepInk
- CrossLink
During implementation, the client’s management realized they could use Platform Blue for physical and economic security. The DeepInk module enables OSINT investigations of external and internal ecosystem threats by providing access to:
- Individual and organizational data (e.g., names, addresses, contact details, and foundational documents)
- Social media and other online profiles
- The activities and potential interests of individuals or organizations (including behavioral patterns, habits, and possible fraud schemes and methods)
- Location and movement routes
- Financial information
- Connection and communication data with other individuals or organizations
- Other crucial contextual information that may impact security or pose significant ecosystem risks
Here is how DeepInk helps the client with OSINT investigations:
- Instantly assess any email address for potential risks
- Detect if the email has a presence on the dark web or other suspicious online activities
- Verify if the email belongs to a real person or a bot
CrossLink takes a single attribute like an email, username, or full name and provides the client’s security team with a vast history of that person’s online fingerprint across the Deep and Dark Web.
“What really stands out is the depth of information we can access now. For instance, last month, we uncovered a potential data breach attempt by correlating seemingly unrelated events across our global operations - something we couldn’t have done before in-house. It’s cut down our investigation time significantly.” - Security Analyst.
Result
FS Group discovered 2 critical, 4 high, 13 medium, and 10 low-risk vulnerabilities.
- The overall risk level was categorized as high.
- FS Group prevented a potential financial loss of tens of millions of dollars by discovering the critical and high-severity flaws. This financial loss would include reputational damage, regulatory fines and penalties, loss of consumers, and a high probability of business disruption and permanent closure.
- The client was provided with a detailed pentest results report that consists of:
  - Testing results summary and ranking issues by risk level
  - Detailed findings for the common scope, as well as for Android and iOS applications separately
  - Recommendations on how to mitigate each vulnerability
The successful result of this case was possible thanks to the FS Group’s Penetration Testing and Vulnerability Scanning services.
Penetration testing and vulnerability scanning service from FS Group means:
- The test covers all the nodes of your information system on which your business depends: network-related components, operating systems, middleware, databases, and application servers.
- We test according to the GreyBox, BlackBox, and Vulnerability Assessment scheme.
- FS Group has unique threat intelligence access. We are a key player in the Threat Intelligence market of Ukraine, so our analysts can test your system with the most up-to-date hacking methods. Our sources include, for example, closed “underground” sites and forums in the following areas: hacking, spam, malware, and carding, as well as a database of 30 billion compromised accounts from open and closed sources.