
Everyone says they do “Threat Intelligence” and manage “Cyber Threats” but what are they actually doing?

We have years of experience working with big data, data analysis, forensics and basically finding needles in needlestacks.

What we have learned is that it takes experience to know what to look for. We do the following:

  1. Collect data and information from OSINT and other sources to create a picture
  2. Find what others are not even looking for. The Dark Web? Got it. OSINT? Got it. Sensors? Got them.
  3. Analyze and sanitize the information so that it's understandable to you
  4. Apply the right mix of our “magic sauce” to identify threats and risks that are really relevant
  5. Use that data for threat and risk awareness, management and aversion
  6. Supply our appliances, sensors and CyberVue(tm) devices with information to alert, block and learn from real-time attacks.

The Hakdefnet product set (VM, Hardware or Cloud) offers the following:

1.) CyIn- Virtual Appliance CyberInsight with CyberVUE technology (optional hardware appliance or cloud service)

2.) NCTRA- Network Cyber Threat and Risk analysis devices for small, medium and large businesses as well as institutions

3.) UBnHkd- Add-on to VSOC Service or devices. We can tell you if your data has been compromised using our CyberVUE technology and searching algorithms

4.) CTRS- Cyber Threats and Risks (Known and Emerging) as a subscription

5.) PNDA- Predictive Network Defense and Automation

6.) VSOC- Virtual SOC service, we take care of the heavy lifting for you.

7.) FINDR- Integration with open source as well as closed source forensics software and tools to collect evidence on attackers inside your network/systems.

8.) Integration with other security systems (Antivirus, Asset Management, CMDB, SIEM, IDS, IPS, UTM). This includes APIs for data and commands.

9.) Workflow

Here is one example of relevant “cyber” risks to your security based on global malware and C&C servers (malware targeting you and your industry):

Making intelligence actionable is the name of the game when alerting the un-alertable and detecting the undetectable. We want to help you be more secure.

As “solutions” become more intelligent, the question quickly arises as to what value they are actually giving. We love those types of questions because we ask the same thing!

If intelligence is not based on quality data that is reliable then the question quickly becomes: What is the value?

Screen Shot 2016-04-20 at 7.36.12 PM

Putting this into a simple use case, let's look at current risks and which companies were just breached based on our intelligence sensors and data.

In the map above we see that 4 companies were just breached, but what does this really mean?

Let's look at the details of the attacks and find out…

So now we know that the attacks actually took data and emails from the breached companies (e.g. Panama Papers, Hacking Team, Banks, Insurance, etc.).

We see that records were stolen. These stolen records increase the likelihood that more systems are compromised at these companies.

It also means that their customers and partners are likely breached as well. So we see the results of an actual breach!

Previous Version of The CyberINSight Dashboard



This was the alpha version of CyberINsight that combined multiple information and data streams into a simple, easy-to-use interface that connects with our data center. It also serves as the Admin Dashboard for our Appliances.

Disclaimer: All work, posts, products and services are copyright/trademark Hakdefnet 2016. Any open source products (or pictures) are the copyright and license of their respective creators and standard open source licensing. I didn’t create PFSense, OpenWRT or Debian Linux (nor did I have any intention of saying I did).

Reading this post and any information from this site means you accept my AGB, Copyright and Trademark rights under German and International Law.