– Threat Collection
– Threat Feeds
– Threat Alert
– Threat Investigation
– Keyword Monitoring
– Targeted Threat Intelligence
– Global Threat Report
Threat Intelligence is a key area of information security (IS) that focuses on collecting and analyzing information about current cyber-attacks and potential threats to the assets, reputation and security of organizations and businesses. A Threat Intelligence Service provides organizations and businesses with details about IS threats derived from multiple sources. This information can also be used as additional threat feeds for IS solutions, such as SIEM, Network IDS, EDR, etc., via international API standards including STIX or TAXII. Information on IS risks is also shared and analyzed by service providers and is used to furnish organizations and businesses using the service with specific measures and maximum support.
Viettel Cyber Security is the leading provider of Threat Intelligence services. Data sources of Viettel Threat Intelligence include:
In the era of Industry 4.0, building on advances in Information Technology (IT), hackers’ cyber-attack techniques have become more advanced, unpredictable and systematic, especially advanced persistent threats (APT) targeting the core of organizations’ and businesses’ IT systems. Therefore, understanding new threats early and staying up to date on them is an essential strategy for organizations and businesses to prevent attacks and maintain information security (IS).
– Threat Collection: In addition to data on information security threats detected on its own network, Viettel Threat Intelligence also collects and integrates databases and knowledge about hazards from various sources in cyberspace worldwide, such as the Dark/Deep Web, social networks, open sources, private sources, etc., for early detection and prevention of such threats.
– Threat Feeds: Threat Feeds (IP, domain, hash, etc.) are provided for IS solutions such as SIEM, IPS/IDS, Network APT, EDR, etc. These solutions are enhanced to increase the organization’s ability to detect IS threats. The system provides an API and data in standard formats (STIX/TAXII).
– Threat Alert: Threat Intelligence features real-time alerts for newly detected IS threats such as vulnerabilities, attack techniques, targeted attack groups, as well as malicious code and attack campaigns. In addition, the system gives warnings about data breaches related to customers. Customers can also subscribe to receive IS threat alerts on the fields and categories that concern them.
– Threat Investigation: Basic information about threats (registration name, registration time, DNS, etc.) is provided, and threats are evaluated and scored to determine the level of danger of each. The Threat Intelligence system also lets users view, as graphs, detailed information about targets related to the threats, to support in-depth investigation.
– Keyword Monitoring: Allows organizations to set up keyword monitoring. The system will then send alerts on any information related to those keywords.
– Targeted Threat Intelligence: Collect and give alerts related to information which may create potential risk to companies and businesses, such as:
– Global Threat Report: Metfone Threat Intelligence not only sends alerts on information related to threats but also provides an overview report on the global cyber security situation, to support businesses with awareness and understanding of the global context:
| S/N | Features | Description | Basic | Advanced | Extreme | Threat Feed |
|---|---|---|---|---|---|---|
| 1 | Vulnerability Actionable Response | Alert on the latest cyber security threats, including new vulnerabilities and new attack techniques that break defensive solutions; propose solutions and signals related to vulnerability exploitation in order to act quickly. | | | | |
| 2 | APT, Malware Intelligence | Provide threat information on new attack techniques, new attack campaigns from APT groups, and new and dangerous malware. | | | | |
| 3 | Targeted Threat Intelligence | Fake domain names, IP addresses. Fake Secure Sockets Layer (SSL) certificates. Fake applications. | | | | |
| 4 | Targeted Threat Intelligence | Alert on an organization’s service vulnerabilities. Alert on abnormal ports of an organization. | | | | |
| 5 | Targeted Threat Intelligence | Provide information on systems and devices that are infected with malware or are part of a botnet, or related to an organization’s criminal groups (for organizations using the Viettel transmission network). | | | | |
| 6 | Targeted Threat Intelligence | Alert on an organization’s files: log files, screenshot images, videos, messages, certificates, source code. Account and password data of an organization’s individuals and clients. An organization’s bank card data. | | | | |
| 7 | Machine Readable Threat Intelligence | Provide information on objects and threats for SIEM, EDR, etc., to improve the detection capacity of organizations. | | | | |
| 8 | Graph Workspace | Provide information on objects related to threats, to serve investigation. Allows storing and sharing by user. | | | | |
| 9 | Threat Card | Provide information to Infrastructure Operating Center (IOC) and evidence related to IOC. Provide information on attack campaigns and groups, including: description, attack techniques, attack objects, attack strategies, etc., and relevant documents. | | | | |
| 10 | Alert | Alert via portal and email. | | | | |
| 11 | Support | Support 24/7. | | | | |