
TECHNICAL INTELLIGENCE

As part of our ongoing mission to empower organizations to neutralize cyber threats, KELA introduces our Technical Cybercrime Intelligence. Our Intelligence is collected through automated detection of potentially compromised IPs and domains involved in cybercrime activity. Our sources include closed forums, illicit markets, automated cybercrime shops, instant messaging channels used by criminals, and more. This intelligence is available to consume via Snowflake as a machine-readable feed and can be easily integrated into your security appliances.

Use KELA’s Technical Intelligence module to monitor the latest compromised network assets that threat actors can exploit for their next cyber attack. Such assets can be abused to serve as attack infrastructure (for example, as a C2 server) or as an attack vector, such as in phishing attacks.

TECHNICAL CYBERCRIME INTELLIGENCE

USE CASES

Actionable Threat Intelligence

Use KELA’s Technical Intelligence to get actionable cybercrime threat intelligence and protect your organization against compromised network infrastructure that can be exploited by malicious threat actors.

Improved Threat Hunting Capabilities

Leverage KELA’s Technical Intelligence to support your investigation and improve your organization’s threat-hunting capabilities.

HOW IT WORKS

COLLECT DATA

KELA’s automated cyber intelligence technology continuously collects posts, images, and other information in various formats from the cybercrime underground.

ANALYZE AND EXTRACT

The collected data is analyzed to detect potentially compromised assets based on context and source credibility, resulting in an output of indicators, including IP addresses and domains.

NORMALIZE DATA

The detected assets, their context, and MRTI properties, such as STIX, are shared with the users via Snowflake's API in a structured, machine-readable format.

BUILD PROACTIVE DEFENSE

Leveraging KELA’s Technical Intelligence to monitor or block access to detected compromised assets empowers users to remediate potential risks proactively

BENEFITS

SEAMLESS INTEGRATION

Easily integrate KELA’s machine-readable Technical Intelligence into your SIEM, SOAR, or any other security solution, by using the STIX format or any other available fields.

REAL-TIME UPDATES

Protect your organization by getting real-time updates on compromised IPs and domains mentioned in cybercrime activity. Stay ahead of potential attacks by taking proactive countermeasures.

COMPREHENSIVE COVERAGE

KELA’s real-time Technical Intelligence includes information from a wide range of cybercrime underground sources, ensuring that you have access to the most up-to-date and relevant intelligence on cyber threats.

CONTEXTUALIZE INTELLIGENCE

Learn more about each threat by gaining a deeper understanding of the intelligence source and how the asset was compromised.