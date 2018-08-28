Summary

Reviewed By: Matthew Hreben & Michael Diehl

Written By: Dan Cure

Organizations concerned that their threat intelligence data is not global enough in scope should find relief in the Group-IB Threat Intelligence platform. Group-IB has been pioneering incident response and cybercrime investigation practices in Russia since 2003. From relatively humble beginnings within a university setting, Group-IB has grown to 240 employees, with offices in Moscow, Dubai, New York, London and a soon-to-be-unveiled location in the Asia-Pacific region. The firm offers myriad products and services, including Early Warning System, Prevention, Response 24/7/365 and Investigations.

What sets Group-IB apart is its collaboration and participation with the international law enforcement community. Judging by recent headlines, certain geographic regions have been identified as more active in launching cybercriminal activities, including Russia where Group-IB says its experts support 80 percent of all high-profile breach and legal investigation cases in the field of high-tech crime. The firm has amassed a record of more than 1,000 successful incident investigations throughout Russia and Europe.

Precisely because the company is Russia-based, it makes a deliberate effort to build trust with North American and European customers. Those customers should review the firm's track record carefully, noting that Group-IB operates a recognized CERT (CERT-GIB) and regularly cooperates with peer CERTs and law enforcement around the world.

A key aspect of Group-IB data is that 95 percent of all feeds and intelligence material is from the company's individual collection, research and analysis efforts; that is to say, the data is curated from its own sources and is not solely an aggregation of other intelligence feeds. As a result, Group-IB has a high level of confidence in its information and stands firmly behind all its releases.

Group-IB intelligence is delivered as a cloud-based service accessed through a web interface. Analysts can view notifications and drill into details in real time. A reporting module provides visualization tools, while other modules offer statistics and trend tracking - in short, the instruments needed to make decisions efficiently.

We saw a lot of potential in the "human intelligence" module, where analysts can learn about the malicious tools used to target organizations as well as how to defend against more advanced attacks. Each entry gives a brief description of the threat, known actors, geographical context, targets and even motivations. Finally, given the firm's expertise in investigations, it is noteworthy that customers gain access to a dedicated personal analyst, who is available to answer questions and respond to requests for expert insight.

For those accessing the system through the web or API interface, it is important to note that every client IP address must be whitelisted before access is granted, so customers should plan for static egress addresses on the hosts that will pull the feeds. This is a small but valuable reminder of how seriously Group-IB takes security, both in a customer's organization and its own. Once retrieved, information can be exported into other systems such as SIEM, IDS, EDR, firewalls, threat intelligence platforms and orchestration platforms.
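Whatever the upstream vendor, the step that decides whether a feed helps or hurts is the one between "retrieved" and "exported": indicators have to be validated, aged out, filtered by confidence and checked against your own address space before they become firewall blocks or IDS rules. The example below, added here and not Group-IB's code, shows that pipeline over a constructed JSON feed. The field names (`type`, `value`, `confidence`, `valid_until`, `threat`) are an assumption for illustration, not Group-IB's schema, and the sample uses RFC 5737 documentation addresses to stand in for public ones.

```python
"""Added example: turn a raw indicator feed into artefacts a SIEM, IDS or
firewall can consume, dropping anything that should never be exported.
The feed schema is assumed for this example; it is not Group-IB's API."""
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample feed (not real intelligence). 203.0.113.0/24 etc. are
# documentation ranges standing in for public addresses.
SAMPLE_FEED = json.dumps({"indicators": [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90,
     "valid_until": "2030-01-01T00:00:00Z", "threat": "banking-trojan-c2"},
    {"type": "domain", "value": "update-check.example", "confidence": 75,
     "valid_until": "2030-01-01T00:00:00Z", "threat": "phishing-kit"},
    {"type": "ipv4", "value": "198.51.100.7", "confidence": 40,
     "valid_until": "2030-01-01T00:00:00Z", "threat": "scanner"},      # too weak
    {"type": "ipv4", "value": "192.0.2.9", "confidence": 95,
     "valid_until": "2000-01-01T00:00:00Z", "threat": "old-c2"},       # expired
    {"type": "ipv4", "value": "10.0.0.5", "confidence": 99,
     "valid_until": "2030-01-01T00:00:00Z", "threat": "bad-data"},     # internal
    {"type": "ipv4", "value": "not-an-ip", "confidence": 99,
     "valid_until": "2030-01-01T00:00:00Z", "threat": "garbage"},      # malformed
]})

# Networks that must never be blocked on the strength of a third-party feed.
# An organization would add its own public ranges here.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def _parse_ts(s):
    # fromisoformat() in older Pythons rejects a trailing "Z"; normalise it.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_feed(raw, min_confidence=70, now=None):
    """Return (kept, dropped): indicators safe to act on, and the rest with
    the reason each was rejected, so the rejections can be logged."""
    now = now or datetime.now(timezone.utc)
    kept, dropped = [], []
    for ind in json.loads(raw)["indicators"]:
        value, kind = ind.get("value", ""), ind.get("type")
        if ind.get("confidence", 0) < min_confidence:
            dropped.append((value, "low-confidence")); continue
        if _parse_ts(ind["valid_until"]) < now:
            dropped.append((value, "expired")); continue
        if kind == "ipv4":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                dropped.append((value, "malformed")); continue
            if any(addr in net for net in INTERNAL):
                dropped.append((value, "internal-range")); continue
        elif kind == "domain":
            if "." not in value or any(c.isspace() for c in value):
                dropped.append((value, "malformed")); continue
        else:
            dropped.append((value, "unsupported-type")); continue
        kept.append(ind)
    return kept, dropped


def to_suricata(indicators, base_sid=9000000):
    """Emit one Suricata rule per indicator; SIDs are allocated from a
    private range so they do not collide with vendor rulesets."""
    rules = []
    for n, ind in enumerate(indicators):
        msg, sid = f"TI {ind['threat']}", base_sid + n
        if ind["type"] == "ipv4":
            rules.append(f'alert ip $HOME_NET any -> {ind["value"]} any '
                         f'(msg:"{msg}"; sid:{sid}; rev:1;)')
        else:  # match the name in DNS queries rather than raw payload bytes
            rules.append(f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                         f'content:"{ind["value"]}"; nocase; sid:{sid}; rev:1;)')
    return rules


def to_blocklist(indicators):
    """Plain one-per-line IPv4 list, the format most firewalls can import."""
    return sorted(i["value"] for i in indicators if i["type"] == "ipv4")


if __name__ == "__main__":
    kept, dropped = parse_feed(SAMPLE_FEED)
    for value, reason in dropped:
        print(f"dropped {value}: {reason}")
    print("\n".join(to_suricata(kept)))
    print("\n".join(to_blocklist(kept)))
```

The point of returning the rejections alongside the accepted indicators is auditability: when a feed entry later turns out to matter, you can show why it was not acted on. Setting `min_confidence` per destination (higher for an inline firewall block than for an alert-only IDS rule) is the usual next refinement.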

The base price for the solution spans $150,000-$300,000, depending on the specific services provided. In case of emergencies, a CERT team is available 24/7 at no charge. Last year, the Group-IB portal maintained 99.8 percent uptime.