1 Introduction
Looking back at the history of the cybersecurity industry, it is hard not to notice how well it illustrates the spiral model of historical development. Three decades ago, the “castle-and-moat” security model dominated cybersecurity, with tools like firewalls and intrusion prevention systems keeping malicious outsiders out of the trusted local network. However, as IT environments continued to grow and evolve, fueled by the massive adoption of cloud and mobile technologies, the traditional network perimeter started to erode. In a new, open and connected world, the focus of cybersecurity gradually shifted from proactive protection towards quickly detecting and responding to threats as they occur. Soon, tools like Security Information and Event Management (SIEM) were hailed as the new gold standard.
However, in just a few years, the growing number and complexity of security incidents, combined with the increasing shortage of skilled staff, have made security operations centers much less efficient. It has become increasingly difficult to stay ahead of cybercriminals and to respond to detected events in time, even with the help of emerging machine learning and artificial intelligence technologies. A multitude of specialized solutions focusing on network (NDR), endpoint (EPDR), or identity (ITDR) threats, while offering notable improvements in efficiency, only add complexity to existing security infrastructures and confuse customers with an entire alphabet soup of acronyms.
While detection and response solutions continue to dominate the market today, the complexity, scale, and heterogeneity of modern IT environments, with multi-cloud architectures and post-COVID mobile workforces, make them less and less attractive for businesses. The tide has seemingly already turned, and solutions focusing on proactive protection against future threats are making a comeback. History has come full circle.
Well, not quite – of course, modern proactive protection does not rely on firewalls. Instead, it taps into Cyber Threat Intelligence (CTI), a proven cybersecurity discipline that helps organizations make proactive, informed decisions to identify gaps in their defenses, improve their security posture and risk management, and optimize incident response. CTI gathers data from various sources, such as public threat feeds, security vendor research, and dark web monitoring. This data includes indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) used by threat actors, and other contextual information. The ultimate goal of a CTI solution is to turn this multitude of signals into actionable insights into potential and current cybersecurity threats that could harm an organization.
What can be viewed as the new virtual perimeter of a modern organization is its attack surface, the combination of all the possible vectors that can be used to attack, gain unauthorized access to, or steal data from an organization. It represents the breadth of exposure from a potential attacker's perspective, and thus, minimizing an organization’s attack surface is a strong method of improving cybersecurity risk posture. CTI enables efficient Attack Surface Management (ASM) by discovering unknown assets and vulnerabilities, contextualizing the relevance and likelihood of threats, supporting threat hunting and incident response, and enabling proactive real-time monitoring. However, to stand out in this crowded market, a CTI vendor must be able to offer much more than just traditional threat intelligence feeds…
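The two paragraphs above describe CTI as a pipeline that takes raw signals (IoCs, TTPs, context) and turns them into actionable insight about an organization's exposure. As an added illustration that is not part of the original report and not any vendor's product code, the Python below ingests a constructed indicator feed, extracts observables (IPv4 addresses, domains, SHA-256 hashes) from constructed proxy, DNS, EDR and firewall log lines, matches them against exact indicators and CIDR ranges, and then groups the hits per host together with their TTP context so an analyst sees which asset is exposed to what. The feed records, actor label, hash and log lines are all made up for the example; `min_confidence` is a hypothetical tuning knob, not a standard field.

```python
import ipaddress
import re
from dataclasses import dataclass

# --- Constructed indicator feed (hypothetical; not from any real vendor) ---
SAMPLE_HASH = "a" * 64  # placeholder SHA-256, constructed for the example
FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "confidence": 90,
     "ttp": "T1071.001 Web Protocols", "actor": "ACTOR-PLACEHOLDER"},
    {"type": "domain", "value": "update-check.example", "confidence": 70,
     "ttp": "T1568 Dynamic Resolution", "actor": "unknown"},
    {"type": "sha256", "value": SAMPLE_HASH, "confidence": 95,
     "ttp": "T1204.002 Malicious File", "actor": "ACTOR-PLACEHOLDER"},
    {"type": "cidr", "value": "198.51.100.0/24", "confidence": 40,
     "ttp": "T1595 Active Scanning", "actor": "unknown"},
]

# --- Constructed telemetry (documentation-range addresses, made-up hosts) ---
LOGS = [
    "2024-05-01T10:00:01Z proxy host=ws-17 dst=203.0.113.45 url=http://203.0.113.45/api/poll status=200",
    "2024-05-01T10:00:04Z dns host=ws-17 query=update-check.example answer=203.0.113.45",
    f"2024-05-01T10:01:10Z edr host=ws-17 event=process_create sha256={SAMPLE_HASH}",
    "2024-05-01T10:02:00Z fw src=198.51.100.77 dst=10.0.0.5 dport=443 action=drop",
    "2024-05-01T10:03:00Z proxy host=ws-02 dst=93.184.216.34 url=https://example.com/ status=200",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HOST_RE = re.compile(r"\bhost=(\S+)")


@dataclass(frozen=True)
class Indicator:
    itype: str
    value: str
    confidence: int
    ttp: str
    actor: str


@dataclass(frozen=True)
class Alert:
    host: str
    observable: str
    indicator: Indicator
    line: str


def load_feed(raw):
    """Normalize feed records into an exact-match index plus a list of CIDR ranges."""
    exact, cidrs = {}, []
    for rec in raw:
        ind = Indicator(rec["type"], rec["value"].lower(), rec["confidence"], rec["ttp"], rec["actor"])
        if ind.itype == "cidr":
            cidrs.append((ipaddress.ip_network(ind.value), ind))
        else:
            exact[(ind.itype, ind.value)] = ind
    return exact, cidrs


def extract_observables(line):
    """Pull typed observables out of one log line; a set removes repeats within the line."""
    obs = {("ipv4", ip) for ip in IPV4_RE.findall(line)}
    obs |= {("sha256", h.lower()) for h in SHA256_RE.findall(line)}
    obs |= {("domain", d.lower()) for d in DOMAIN_RE.findall(line)}
    return obs


def match(lines, exact, cidrs, min_confidence=0):
    """Match observables against the feed; return alerts, highest confidence first."""
    alerts = []
    for line in lines:
        m = HOST_RE.search(line)
        host = m.group(1) if m else "unknown"
        for itype, value in sorted(extract_observables(line)):
            ind = exact.get((itype, value))
            if ind is None and itype == "ipv4":
                try:
                    addr = ipaddress.ip_address(value)
                except ValueError:  # regex accepted something like 999.1.1.1
                    continue
                ind = next((cand for net, cand in cidrs if addr in net), None)
            if ind is not None and ind.confidence >= min_confidence:
                alerts.append(Alert(host, value, ind, line))
    alerts.sort(key=lambda a: a.indicator.confidence, reverse=True)
    return alerts


def by_host(alerts):
    """Actionable view: which asset is exposed to which TTPs (the per-host exposure)."""
    out = {}
    for a in alerts:
        out.setdefault(a.host, set()).add(a.indicator.ttp)
    return out


if __name__ == "__main__":
    exact, cidrs = load_feed(FEED)
    for a in match(LOGS, exact, cidrs):
        print(f"{a.indicator.confidence:>3} {a.host:<8} {a.indicator.itype:<7} {a.observable}  {a.indicator.ttp}")
    print(by_host(match(LOGS, exact, cidrs)))
```

Grouping by host rather than by indicator is the point: three separate feed hits on `ws-17` (beaconing IP, resolved domain, executed file) read as one compromised asset with a clear TTP chain, while the single low-confidence CIDR hit on the firewall line is scanning noise that a `min_confidence` threshold can suppress.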