Resecurity Context™ is a Cyber Threat Intelligence (CTI) Platform enabling enterprises and government agencies to collect actionable intelligence from multiple sources by different criteria and to accelerate analysis, prevention and investigation workflow required for strategic and timely decision-making. The production of finished intelligence including but not limited to IOCs, TTPs, threat artifacts is organized through TAXII server located at taxii.resecurity.com. Resecurity developers, engineers and technical support team will provide documentation and assistance in configuration of secure data exchange based on Client specifications. Resecurity Context™ has a robust monitoring module allowing to configure multiple long-term monitoring tasks based on different criteria in order to optimize time-consuming and manual operations. Monitoring module provides real-time and near real-time cyber threat intelligence reporting capabilities depending on the technical specifications, structure and type of the source and Operational Security (OPSEC) level. The platform enables operator to configure frequency of data updates which may affect the timeframe to identify new data. Resecurity is constantly monitoring the status of data updates and is managing resources required for effective and high-quality cyber threat intelligence acquisition process 24/7/365. Using monitoring module operator can organize and facilitate: Confidential monitoring of all web environments (deep web, dark web, public web) for the presence or absence of a provided set of indicators, which could include IP address, file hashes, URLs, phone numbers, email addresses, physical addresses, names of similar. Identification of threat actors, attack tools or campaigns targeting State, Local, Tribal, and Territorial government agencies. Identification of threat actors, attack tools or campaigns targeting law enforcement (in the United States and/or internationally). - Identification of threat actors, attack tools or campaigns targeting the Client. - Identification of threat actors, attack tools or campaigns targeting employees of the Client. - Identification of Client information or identifies being sold on the “black market”. - Identification of the precursors to or signs of identity theft targeting Client high profile employees. - Actor-Centric Intelligence - Botnet Intelligence - Dark Web Intelligence - Data Breach Intelligence - Human Intelligence - Open-Source Intelligence - Malware Intelligence - ISP Traffic Intelligence - Signal Intelligence Platform ability to collect and analyze input from all these sources, Resecurity Context™ can provide comprehensive finished intelligence about subjects of interest (SOI) or multiple Essential Elements of Information (EEI), including but not limited to: - Adversaries, Suspects, and Victims - Device Identifiers - Indicators of Attack (IOAs) - Indicators of Compromise (IOCs) - Malware Artifacts - Network Indicators (IP, Domain) - Particular Signatures or Events Resecurity Context™ has additional modules included in “Context Library” used for independent search, correlation and pivoting between different data sets and criteria, and monitoring operations. Modules represent aggregated intelligence by the following categories: - Intelligence (Dark Web, Deep Web, Surface Web) – by default; - Data Breaches (Compromised Credentials, Data Leaks, Botnets, Third-party Data Leaks); - Compromised Payment Data (Compromsied Credit Cards, Identity Information); - Indicators of Compromise (IOCs Repository); - IP Reputation (indicators of malicious network activity with additional background information); - Passive DNS (DNS records with associated additional meta-data and WHOIS repository); - Security Incidents (Updating feed of recent security incident, APT campaigns, data breaches); - Threat Actors (library of threat actor profiles). Resecurity Context™ allow operator to see what information is available to and being discussed by potential cyber-attackers. In order to increase relevancy of the search results the operator may define exact category which will allow to prioritize the selection of sources, threat actors and other artifacts by thematic cluster (“niche”): - Cybercrime (underground communities) - Carding (underground communities, groups and resources related to financial crimes) - Marketplace (underground shops, illegal communities providing products or services) - Hacktivism (hacktivists, protest and other activity identified in dark, deep and surface web) - Research (security research resources for cross-reference, including external threat intelligence) - State-sponsored (confirmed and potential activity by nation-state actors) - Geopolitics (malicious and other activity related to recent geopolitical events and trends) - Malware (malicious activity caused by malware, spyware, ransomware, and/or other tradecraft) - Terrorism (extremist and illegal content identified through various digital channels and means) - Piracy (various counterfeit, piracy-related online-resources). Resecurity Context™ guarantees confidentiality of monitoring process and non-attributable search operations due to purpose-built architecture and isolated infrastructure for data aggregation and translation. The platform allows to work with the collected data preventing possible leaks of client-side details from the operator, as well as blocks active content execution from “mined” data sources.