Augurio 5 Phases for Intelligence Generation
Phase 1 Planning and Direction
We collect relevant business information, either through a survey or through an active scan. The main objective is to identify our customers’ intelligence needs (NI), risks, critical services, potential threats to their vertical, center of gravity, operations flows, and any information that helps us answer questions about risks or situational awareness for the business.
Phase 2 Collection
We collect indicators directly from the client’s technology infrastructure using Augurio’s NSA, a solution developed with the goal of collecting all the observables needed to make decisions.
Phase 3 Processing and Exploitation
We perform advanced analytics functions applying machine learning, together with automated, large-scale static and dynamic malware analysis, so that we can triage the many samples and focus on the most important ones, where manual analysis can be justified. We also perform PCAP analysis and enrich data and OSINT with third-party sources such as Emerging Threats, VirusTotal, Neutrino, SANS ISC, AlienVault OTX, CrowdStrike, and other open threat databases, as well as our own classification history.
Phase 4 Analysis and Production
In this phase of the intelligence cycle, applied to the cyber domain, findings are aligned with the Kill Chain and, if we have sufficient information, with the Diamond Model. We apply structured analytic techniques to contrast hypotheses and correlate the possible operations and campaigns of a cyber actor or group of actors targeting the client.
Phase 5 Dissemination
In this phase we deliver the final product through intelligence reports, providing situational awareness to multiple target audiences: Strategic Intelligence (business risks), Tactical Intelligence (Incident Handlers), Technical Intelligence (System Administrators), and Operational Intelligence (Hunting Team).