In the Eye of the Storm: Securing Threat Intelligence Research

Storm chasing is not for the faint of heart. It’s dangerous work, and yet it fascinates us because these meteorologists and documentarians help us understand what extreme weather events look like up close.  

In a similar way, threat intelligence companies do the tough, relentless work of seeking out cyber threats and vulnerabilities. Instead of running away from an emerging threat, they run toward it — seeking to analyze and better understand the threat landscape so that they can advise their customers on how to prevent and mitigate data disasters.

And, as you’ll hear in the video below from Jason Steer, CISO of Recorded Future, it’s a challenging — but exciting — field to work in. 

Whether you’re a storm chaser or a threat intelligence company, it would be reckless to go into the eye of the storm unprotected. These intrepid experts understand, better than anyone, the risks associated with the dangerous forces they encounter. 

Virtru's data-centric security is like an armored vehicle that equips threat intelligence companies to navigate risky terrain without sacrificing security and control. With military-grade data encryption and access controls that wrap around each individual piece of information, Virtru allows threat intelligence companies to confidently exchange sensitive information with partners, while governing data access and maintaining complete control of information that's been shared externally.

Threat Intelligence: Preparing for the Storm

Here’s where the metaphor diverges: Threat intelligence vendors don’t just document and report on threats that are already known. They help their customers do something about it. It's like if a storm chaser also had the complete meteorological resources and dataset of NOAA, and could more accurately anticipate and mitigate the threats posed by future storms. (Just saying, this would be a great finale in the Twister trilogy. Get Glenn Powell on the phone.) 

The success of a threat intelligence company hinges on its proprietary data. To remain valuable and competitive, it must: 

• Gather unique intelligence through a variety of channels, from open-source intelligence to the dark web.
• Communicate quickly when urgent needs emerge, automating processes and leveraging AI where needed to surface patterns, trends, and time-sensitive risks. 
• Manage a wide range of sensitive data that covers a wide range of risks, including ransomware, malware, active phishing campaigns, undisclosed software vulnerabilities, emerging cyber attack techniques and vectors, and everything in between. 
• Share information dynamically and securely, whether that’s a negotiation with a gray-hat hacker or an urgent alert to a VIP enterprise customer.
  
  

It's also important to consider the data that is shared in these workflows. After all, it's the data itself that represents the most vital asset for these companies. Threat intelligence vendors regularly handle:

• Detailed technical analysis of emerging threats
• Proprietary research (methodologies, sources, and findings)
• Undisclosed vulnerability information
• Sensitive client data, risk vectors, and attack patterns
• Continual assessments of threat actors (whether independent or nation-state-backed)
• Intellectual property related to detection and prevention techniques

To sum it up, for a threat intelligence company, data is everything. Data integrity cannot be compromised, and access must be tightly managed. However, this data simply cannot remain locked away or unusable. It must be shared intentionally and securely, with the right people, at the right time.

For this line of work, traditional perimeter-based security falls short, because it isn't designed to protect data that must move outside an organization's network. That’s where Virtru comes in. 

You’ve Got a Strong Defense. But What About Offense? 

Threat intelligence companies play exemplary defense. They are focused on protecting the data that they possess, and they help their customers do the same, in the face of escalating cyber threats. 

But, there is a very real, business-critical need to share information externally — to play “offense.” These highly sophisticated organizations need a secure way to collaborate with sources, customers, business partners, and even government agencies. This is a business imperative: There is no scenario where secure collaboration can be ignored or overlooked at a threat intelligence company. Its value is in its data, and its data must remain both secure and shareable, at all times. 

That’s why leading threat intelligence providers use Virtru to provide a strong offense as a complement to their already-strong defense.  

Virtru provides unique value in the threat intelligence space. Here's an example of how one of our customers uses a combination of three Virtru solutions to support their organization's unique workflows. 

Threat Intelligence Case Study: Recorded Future

Recorded Future is a sophisticated, industry-leading threat intelligence company. Recently acquired by Mastercard, Recorded Future is at the cutting edge of ransomware research, detection and mitigation of threats in a rapidly escalating cybersecurity environment.

Recorded Future uses Virtru client-side encryption for Gmail, Virtru Secure Share (with an integration for Zendesk), and Virtru Private Keystore for Google Workspace CSE (Client-Side Encryption). This enables Recorded Future to securely exchange confidential information with external partners. Hear from Roderick Chambers, Senior Security and Risk Engineer, on why Recorded Future chose Virtru.  

As mentioned in the video above, Virtru makes it remarkably easy to protect information stored and shared via Google Workspace. Here's how these three solutions add up to make a big impact for Recorded Future: 

Secure Gmail Collaboration

Recorded Future needed a simple solution for protecting sensitive information shared via Gmail. Ease of use was paramount: They needed a solution that wouldn't interrupt users' workflows, and that was simple enough for users to adopt, and for external partners to access. Recipients of Virtru-encrypted emails don't need to create an account or download any software. They simply authenticate with their Google or Microsoft account, and they are good to go. 

Effortless, Platform-Agnostic File Sharing

With Virtru Secure Share, the team can exchange files that are too large to send over email. Virtru Secure Share supports file sizes up to 15 GB, and Secure Share integrates with everyday business apps like Zendesk, Confluence, and Google Drive for automated, seamless security. 

Google CSE Key Management

Virtru supports Google Workspace Client-Side Encryption (CSE) as an authorized key manager, so organizations leveraging CSE for Workspace can manage encryption keys with Virtru, while hosting private keys in the location of their choosing. An added bonus of using Virtru for Google CSE is that Virtru is the only key manager that allows you to leverage Google Drive custom labels to automatically apply access controls and permissions. 

Secure Threat Intel with Virtru

If you exchange sensitive information — for threat intelligence, risk mitigation, or otherwise — we'd love to talk with you about how Virtru can support easy, secure data sharing in a way that allows you to collaborate with confidence. Contact our team today for a demo to see what we can do.