Izengard UNCLE – Powerful Threat Intelligence

Izengard UNCLE - Unified Threat Intelligence

Threat Intelligence

Izengard combines horizon scanning and threat intelligence across 3 domains, cyber-security, financial crime and IT risk management.  Inside threats and outside threats are managed.

The Izengard Threat Intelligence module is integrated into our unified SOC and helps protect you from Ransomware, Advanced DDOS attacks, Advanced Persistent Threats (APTs) and combines in our SOC with end-point hardening.  This also protects you if your customers end-points are infected and accidentally do not pass you malware through SQL/API injection attacks or man in the browser/man in the middle attacks.

Izengard teams up also with providers of advanced intelligence to potentially warn of organized/cyber crime gangs who may well be operating in your geographies and planning attacks.  

With the Unified Threat Intelligence co-working with Device/End-Point intelligence, Izengard can identify account take over, social engineering and BOT attacks

Izengard’s Threat Intelligence and Izengard’s Mind Map work together also to do Dark Web Monitoring so that other trading risks which help evade financial crime and cyber are caught out and any customers, vendors or other entities having connections via our dark web monitoring are highlighted to the institutions staff.

Threat Intelligence - Across Financial Crime, Cyber Security and IT Risk Management

Active vs Passive Threat Hunting

Active Threats

An active attack usually involves a network exploit during which the attackers will modify or alter the content and impact the bank's IT resource. In general, the criminals usually perform a series of passive attacks to gather info before they begin simulating a vigorous attack. The criminals attempt to disrupt and forced the system to lock up.

Typical types of active attacks include the following:

  1. Distributed Denial of Service Attacks (DDOS)
  2. ICMP flood
  3. SYN flood
  4. Trojans
  5. Replay Attacks
  6. Sybil Attacks
Active vs Passive Threat Hunting

Passive Threats

A passive attack can monitor, observe or build use of the system’s data with the objective of finding weaknesses in controls. It does not strain system resources, and generally does not change the data. It is often difficult to detect this as it remain hidden, but combined with device intelligence and number of hits that did not go and do some transaction Izengard has mechanisms to pinpoint.

The following are types of passive attacks:

  1. Channel Pinging – often different characteristics in AML/Fraud attacks – can range from different bots/devices pinging the same channel
  2.  Eavesdropping – sometimes like the listener in the man in the middle/browser
  3. Release of Message attack
  4. RPL – for IOT type devices (i.e. ATM, Kiosk etc)
  5. Traffic Analysis – This can be reversed and Izengard team has ideas on how this can be used to potentially identify suspect organized criminals, even if they are using SIMjackers and other tools on the consumer side
Adversary Intelligence

Adversary Intelligence

Izengard partners with a handful of organizations to bring you information about adversaries and their methods. This covers both cyber-crime and financial crime. Our cyber partner is able to bring research from over 23 countries and detect millions of events per day. Izengard deploys the MITRE Att&ck framework and graphs. Also through working with our partners, we can obtain a full overview of the attack, including incidents involving Mutex/Pipes/Registry/Files.

Threat Intelligence and Device Intelligence working together

Device Intelligence

Threat Intelligence works with the collected data across customers in  Izengard Device Detective – to examine connected threats and active/developing threats

Izengard’s Threat Intelligence modules works with our Izengard Device Detective and combines anomalous behavior across multiple users, multiple devices and examines if they came from similar adversaries, or newly developed adversaries or threat protocols.