Skip links

KELA External Threat Exposure Reduction

Cyber Threat Intelligence solution for proactive, continuous protection

The KELA Cyber Threat Intelligence platform enables organizations to proactively identify and eliminate cyber threats, data leaks, and vulnerabilities. The solution automatically collects data, analyzes, and monitors emerging threats. Based on a huge volume of historical data held by KELA, the solution enables a complete cyber threat intelligence (CTI) approach to preventing cyberattacks, supported by advanced analytics and real-time alerts.

Solution overview

The KELA Cyber Threat Intelligence platform offers extensive attack surface and asset management capabilities. It provides alerts on targeted threats to the organization, analyzing the attackers’ perspectives on the organization’s external infrastructure to identify exploitable vulnerabilities. SOC teams benefit from automatic proactive detection and automatic surveillance of potentially compromised IPs and domains involved in cybercrime activities. The solution also provides protection against compromised accounts.

By centralizing attacker information from multiple web sources, the KELA Cyber Threat Intelligence platform facilitates detailed investigations, providing security analysts with essential tools for threat hunting and deepening cyber investigations. The solution provides contextualized security intelligence, highlighting the connections between threats and attackers and providing decision-makers with a clear picture of the ever-changing cybercrime ecosystem. The intuitive interface and concise summaries allow for quick and efficient risk analysis, supporting organizations in adopting proactive security measures.

Available modules

KELA Cyber Threat Intelligence allows you to choose exactly the functionalities you need, based on the following modules:

Identity Guard

The module provides extensive monitoring of sources (illegal Dark Web marketplaces, cybercrime forums, instant messaging, and bot marketplaces), and complete, real-time Asset Discovery capabilities (domains, IPs and SaaS resources of organizations). By using the module, you receive real-time alerts about compromised assets and credentials, with automatic prioritization of critical alerts for remediation.

Monitor

The module alerts about threats directed against the organization, maintaining a proactive network defense. By using it, you automatically track and receive immediate notifications about threats to company assets. Thus, you can customize your organization's external threat landscape and receive specific remediation recommendations.

Investigate

Investigate and analyze threats, targets, themes, and groups, anonymously and in real-time. The investigate module helps analysts successfully perform threat hunting by providing contextualized information about attackers' tactics, techniques, and procedures (TTPs), their profiles and identities, hacking discussions, etc. Access information from a variety of sources, directly from the KELA Security Data Lake. Search raw data in over 100 languages and automatically translate the results.

Threat Actors

Get detailed information about threat actors: their motivations, areas of activity, location. nicknames, contact details, and more. Simplify investigations using the Advanced Search algorithm and conduct detailed research through advanced filtering to identify actors that pose potential threats to the organization. Benefit from KELA Cyber Intelligence Center's recommendations on emerging and high-priority threat actors.

Threat Landscape

The module provides high-level insights into the dynamic cybercrime ecosystem, including dashboards for the most important trends, daily benchmarks, and information feeds curated by KELA's cyber intelligence experts. The module includes information on ransomware events, network access rights offered for sale, leaked databases, and emerging threats across sectors. Benefit from effective strategic information to make informed decisions.

Technical Intelligence

The module continuously collects and analyzes data from the underground cybercrime environment, detecting potentially compromised assets based on the context and credibility of the source. This information is normalized and shared through the KELA API in a structured, machine-readable format. Use the module to proactively monitor or block access to these assets, effectively managing potential risks.

Third-Party Risk Management (TPRM)

The module provides advanced security solutions for monitoring, assessing, and managing risks associated with third-party suppliers in the supply chain. It allows for rapid integration of suppliers by identifying and cataloging the digital assets associated with them. The module collects and analyzes Threat Intelligence Exposure, Attack Surface Management and Technical Intelligence data. Using a proprietary algorithm, it calculates risk scores for each provider, giving you a complete picture of their relationships with them.

Use Cases

Organizations around the world use the KELA Cyber Threat Intelligence platform for the following activities:

1. Threat Intelligence:

Anticipating potential threats by monitoring the behavior and activities of dangerous cyber entities relevant to the organization’s industry or sector. KELA’s “Threat Actors” module provides detailed investigations into cybercriminals, analyzing web signatures, online identities, and other complex details.

2. Third-party Intelligence:

Identifying risks in the supply chain and attack surface. The module obtains relevant information, monitors and prioritizes high-risk suppliers and allows for rapid action: recommendations for remedial measures or interruption of collaboration, depending on the situation.

3. Vulnerability Intelligence:

Vulnerability intelligence collection, breach analysis, threat monitoring, and impact prioritization. The module allows the identification of emerging vulnerabilities, the automation of monitoring, the detection of weaknesses in the network and the prevention of unauthorized access.

4. Cybercrime Attack Surface Visibility:

Discovering the attack surface of the organization from the perspective of the attackers. The module analyzes how adversaries perceive your company, in order to fully understand the risks and prioritize security measures effectively.

5. Identity theft protection:

Customizing proactive credential theft protection. The module identifies compromised accounts, including those from SaaS platforms, performs a classification based on severity, and allows for quick integration with webhooks for immediate reactions.

6. Fraud detection:

Combating digital fraud involving online payments, chargebacks, bank cards, loyalty programs, and more. The module helps to proactively defend against fraudulent schemes, before they affect the organization.

7. Brand protection:

Uncovering essential information about your brand throughout the cybercrime underground. The module allows you to get a complete picture and facilitates quick action.

Main benefits of the solution

KELA Cyber Threat Intelligence offers the following benefits:

Centralized data visualization

Access all available information in a unified hub, gaining a clear view of the entire external attack surface.

Stopping the #1 cause of cyberattacks

Intercept compromised employee and customer identities with access to KELA's ever-expanding data lake, which comprises billions of compromised credentials, updated in real time.

Proactive risk management

Anticipate threats and prioritize responses using KELA's predictive risk scoring. Automatically identify critical vulnerabilities and gain actionable insights to improve remediation efforts.

Effortless integration and automation

Streamline security operations by easily and intuitively integrating with your organization's tools and processes that support automating account resets, changing passwords, and enforcing multi-factor authentication (MFA) for existing security personnel.

Immediate return on investment

Deploy quickly with self-service asset configuration, receive prioritized alerts for remediation in minutes, for a quick Return on Investment (ROI).

Total anonymity and secure search

The Investigate module works as an anonymous proxy that allows you to search and access various sources in the cybercrime underground in real-time without violating security or compliance policies and without attracting unwanted attention.

Multi-user communication

Status filtering and a messaging dashboard make it easier for multi-user organizations to communicate.

Real-time updates

Protect your organization by receiving real-time updates on compromised IPs and domains mentioned in cybercrime activities. Stay one step ahead of potential attacks by taking proactive action.

AI Profiler

Use the advanced capabilities of KELA AI to generate advanced summaries of threat actors, with a single click.

Services provided by Safetech Innovations

Safetech Innovations ensures the efficient configuration and use of the modules in the KELA Cyber Threat Intelligence platform, both independently and within a complex security architecture, along with complementary solutions.

Our services include requirements analysis and platform configuration, either in salf-managed mode by the client, or in MSSP mode, through Safetech STI CERT services.

Safetech Innovations is one of the most experienced cyber security companies in Romania. We have 14 years of activity and over 600 completed projects in this field for clients from multiple economic sectors.

Currently, Safetech Innovations employs over 70 employees, of which 40 are members of the technical team.

By using Safetech's implementation and support services, you reduce deployment risks, and benefit from customization, scalability, and flexibility, as well as ongoing post-deployment support.

Similar articles

SEE ALL ARTICLES

Contact us