March 26, 2024
As an intelligence analyst, it’s paramount that you stay on top of what’s happening in the world around you. To further inform our own research and develop our skills, we often read lots of different blogs and news sources every week throughout the month.
We’re continuing this series to showcase some of the brilliance outside of Digital Shadows (now ReliaQuest) and our take on some of the stories out there.
I will admit it. In the last couple of months, I’ve been reading a lot about zero-day vulnerabilities and offensive tools for upcoming Digital Shadows’ (now ReliaQuest) research on vulnerability intelligence. For that reason, right now, I’m incredibly interested in the legal and illegal industry that drives the development and selling of such tools to nation-state countries. That’s why when I saw that the American think tank the Atlantic Council published a new report on this topic, I scrapped my old contribution to this blog and wrote these paragraphs.
The report is based on a dataset built with data collected at both ISSWorld and international arms fairs over the last twenty years. The Atlantic Council researchers do a great job in shedding light on an issue that is often overlooked due to the nature of this industry. In fact, while press coverage tends to focus on a few companies such as NSO, this paper provides a critical look into a far more crowded environment.
One of the key findings of this report is that multiple firms operating from Europe and the Middle East have been identified selling cyber surveillance tools to both NATO and its geopolitical adversaries. Although legit from a private company perspective, this action risks causing severe national security concerns to every party involved in these transactions. Additionally, according to the paper, the current “pay-to-play” model adopted by this industry is doomed to create a worrying pattern of cyber weapons proliferation.
Policymakers are currently struggling to recognize and respond to this thorny issue. Regulations and limitations on the import/export of such technologies have failed to limit this industry significantly. Western countries should therefore adopt a more assertive approach to rein in companies selling sensitive tools to their adversaries. During times when cyber diplomacy isn’t receiving phenomenal results, a tougher stance may well obtain better ones.
Read more here.
In a bipartisan amendment, four members of the United States Senate have proposed an addition to the 2022 National Defense Authorization Act (NDAA) which, if passed, would force entities operating in critical infrastructure to report cyberattacks and payments made to ransomware gangs to the Cybersecurity and Infrastructure Security Agency (CISA). The amendment would also force civilian federal agencies to report to CISA. The amendment, however, does not cover suspected cyberattacks; only confirmed instances. If successful, the victims will have 72 hours to report attacks; but this also has a caveat. Businesses, state and local governments, and not-for-profit organisations will have to report ransomware payments to federal authorities within 24 hours.
Bipartisan support suggests a political consensus regarding the need for swifter responses to cyberattacks; however, it could be argued that the amendment does not go far enough. Notably, it does not prevent ransomware payments; cybercriminals attacking their targets will continue to conduct this kind of activity for as long as victims pay up. However, a greater focus on ransomware in the last 12 months indicates more US policy is likely in the pipeline. Although we can’t say whether ransom payments will be banned, we do know that the US Government is becoming increasingly concerned with the situation. The 10 million dollar bounty for information on DarkSide, for example, shows an intent to hunt down those responsible for attacks against US critical infrastructure. For the time being though, if the amendment is successful it is likely to make it easier for US decision makers to get abreast of ongoing ransomware operations.
Read more about it here (and also catch our CISO’s opinion).
Some of the biggest conundrums that occur in any intelligence organization are the need to share information, or the need to acquire needed information. Sometimes it’s TLP:RED information, and the caveat effectively shuts down any sharing outside or getting your hands on it. Or it’s proprietary information derived from specific rules or systems that are not approved for third-party release. Or the information itself points to your own customer or internal systems, so it introduces a security risk on its own.
Not to fear, fellow security nerds, because there are some ways things can be shared. Joe Ariganello over at Anomali wrote about this a couple of months ago, which included some best practices and other things to think about if you’re going the sharing route. There are definitely valid concerns to sharing information outside of your own organization, but luckily there are some frameworks and technologies that are on your side.
If you decide to go the sharing route, according to Joe, it’s best to figure out what the processes are, what kinds of data are being shared, the data sources, and the overall objectives of the program, among other considerations. Indicators of compromise (IOC) are usually the easy wins, but it may also be beneficial to share specific, observed attack behaviors that might help another SOC out there. Information might be shared within an ISAC (information sharing and analysis center) or an ISAO (instead of a center, it’s an organization), or it could be a small informal working group among vendor organizations, customers, industry peers, or partners. It may even be a formal organization, such as the Cloud Security Alliance; or among law enforcement or government agencies.
Recognizing that adversaries are out there with nearly unlimited resources and without the same constraints the private or public sector puts on themselves at times, sharing information can only bring more allies to the fight. As Caesar said in the 2011 classic Rise of the Planet of the Apes, “Apes together strong.” There’s no need to go it alone when you have others out there fighting the same battle.
Read more about it here.
This is the stuff us analysts love to do: Researching and learning more about the myriad threats out there, and contextualizing them with the world around us. We love cyber threat intelligence!
Find out more about the intelligence we provide in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with a 7-day test drive, or contact us to schedule a demo to learn more about your use cases and how intelligence might make a difference for you.