
Using Threat Intelligence Services to Combat Analyst Fatigue

Jerry Nguyen, VP of Services & Intelligence

As I stepped into my role leading the Culper Group to provide Threat Intel (TI) Services to our existing and new customers, I took a moment to reflect on how threat intel is currently delivered to organizations. At King and Union, we want to change how TI is used and shared, both within an organization and with parties outside it.

As a former CSOC manager, MSSP Analyst Group leader, and Advisory Consultant, I have seen many applications of TI. Organizations ingest TI in many ways: OSINT and closed feeds, internal reporting, external reporting, and so on. I began to realize that there were too many sources of TI and that organizations were starting to feel overwhelmed. Being overwhelmed with TI reminded me of the response side, where CSOC teams suffer from alert fatigue. I believe we are on the cusp of seeing TI fatigue.

Culper Group Services


Many CSOCs that I have managed or helped support were continually inundated with TI. The challenge many small CSOCs face is that they do not have dedicated TI Analysts. Typically it is either the on-shift CSOC Analysts or the On-Call Analyst doing research or validating TI off to the side. More often than not, these teams just need a quick and easy way to access tactical support, ultimately answering the question, “Is this data relevant to me and my mission?” Access to a dedicated TI analyst on demand is a great way to mitigate this challenge for small CSOCs that do not have the budget for a dedicated TI Analyst. Culper Group’s Analyst On-Demand service provides tactical support for organizations that just need a quick answer on TI analysis.

When a CSOC is facing multiple incidents at the same time, a TI team will need surge support from specifically skilled analysts. Currently, many TI teams face the challenge of not having skilled analysts at the ready for major incidents or for a spike in the number of threats. With Culper Group’s Extended Analyst service, a TI team can easily request surge support, enabling a CSOC analyst team to be more efficient and effective at closing incidents or bringing a spike in threats back down to a normal operations tempo.

During a “normal” operations tempo, many TI teams are asked to take on very specific tasks, such as Threat Hunting, Brand Monitoring, and Deep/Dark Web monitoring. Most TI teams do not have the capability or skills for such tasks. Having a mechanism to reach a group of TI analysts who can provide tailored services to address these challenges can be quite a challenge in itself: not only does the skill set need to be verified, but so do the data sources needed to carry out such tasks. Culper Group’s Tailored Intelligence service not only has analysts with the specific skill sets to execute those tasks, but each Culper Group analyst also comes with verified data sources through our partner program. A TI team that calls on Culper Group for tailored services will get not only a highly skilled analyst, but an analyst armed with the latest TI data.

Many MSSPs and MDR providers are great at doing the one thing they are contracted to provide. In our experience as part of an MSSP and an MDR provider, specifically with regard to TI, most providers do not have their own TI team. Many are stuck, through no fault of their own, trying to reinvent the TI wheel or paying for specific TI providers that cover only specific tasks.

This is especially valuable when there is a platform for all three entities to collaborate in real time, with no more waiting on service tickets to be updated to see progress. With Culper Group’s Managed Threat Intelligence service, we provide the platform and the analysts in a shared environment, so all of our customers benefit from anonymized threat intel in a central location.

The Culper Group was built to prevent TI fatigue. Our four service offerings enable CSOCs of all sizes to take advantage of TI, whether they already have the data or need it provided. TI should enable an organization to become more efficient and more collaborative with the customers it serves. When we built the Culper Group, we wanted to help organizations big and small operationalize TI and provide value not only to the cybersecurity teams but to the business as a whole.

The Culper Group offerings are powered by and delivered through our Avalon Cyber Analysis Platform. The Avalon collaboration platform enhances each service offering with shared TI data sources. With these four service offerings, King & Union enables organizations to prevent TI fatigue, bolster their TI capabilities, and operationalize their TI sources.

If you’re facing any of these challenges, let’s talk. We look forward to bringing the combination of our Culper Group services and our Avalon platform offerings to you and your organization!