Threat Hunting
KELA’s Comprehensive Cyber Intelligence Platform
An award-winning cyber threat intelligence firm, KELA’s mission is to provide 100% real, actionable intelligence on threats emerging from the cybercrime underground, to support the prevention and neutralization of digital crimes. Our success is based on a unique integration of our proprietary automated technologies and qualified intelligence experts. Trusted worldwide, our technology infiltrates hidden underground places and thoroughly monitors, hunts, and mitigates digital crimes to uncover real risks and allow proactive protection. KELA’s revolutionary solution arms you with highly contextualized intelligence, as seen from the eyes of attackers, thus enabling the elimination of blind spots and proactive network defense.
Our Services
Cybercrime Investigate
How it works
- Real-Time Data Collection – KELA’s Investigate module automatically and continuously collects information from hard-to-reach, dynamic cybercrime sources.
- Unique Image Analysis Features – The module collects text, images and other meta-data from its sources and applies image analysis to extract critical intelligence from images in a searchable format.
- Complete Anonymity and Safety – KELA’s Investigate module serves as an anonymous proxy to search and access the different sources in real-time, without breaking any security or compliance policies or attracting unwanted attention.
Benefits
User-friendly search functionality with advanced features empowers users to research anything in the cybercrime underground.
Gain full access to research from KELA’s world-class Cyber Intelligence Center. Browse through the module’s Finished Intelligence Feed to gain insights from our experts about recent ransomware events, network accesses, database leaks, and other cybercrime threats.
Pre-defined queries on the latest trending subjects or custom organization-related alert notifications keep you continually informed on what you truly need and want to know.
- Real-time investigations – Perform in-depth investigations on any data point and access valuable results in real time.
- Complex queries – Allows users to perform complex query searches, and immediately retrieve relevant results.
- Ongoing source addition – Access intelligence from database dumps, Telegram groups, botnet markets, hacking chatter, and more, straight from KELA’s security data lake.
- Quick pivoting – Enables an optimized search process of all data.
- Total anonymity – Safely search and access the cybercrime underground while meeting legal and compliance requirements.
- Multiple language support – Search and access raw data in more than 100 languages and auto-translate results.
- Secured searches – Conduct secured investigations without exposing your scope to KELA and obtain access to raw data straight from our security data lake.
Cybercrime Monitor
How it works
- Extensive Source Collection – The module continuously collects intelligence from a variety of hard-to-reach sources, including forums and markets, closed instant messaging channels, and other illicit hacking services.
- Sophisticated Reporting – The module automatically generates machine-readable reports on intelligence such as leaked databases, exposed ports and hosts in your network, compromised accounts or stolen credit cards.
- Available, Actionable Data – Intuitive and interactive dashboards deliver timely threat intelligence focused on hacking discussions, instant messaging, leaked credentials, network vulnerabilities, compromised accounts, and additional intelligence reports.
Benefits
Tailored monitoring and alerting allow you to configure specific assets to track threats to your organization, your supply chain, your executives and your attack surface, so you can focus on the threats that matter the most.
The module monitors the organization’s entire attack surface, mapping the network from the outside by watching the perimeter and domains for exposed databases, open ports and other vulnerable technologies.
Leverage the flexible module API to enrich other key tools in your security infrastructure such as SOAR and SIEM with targeted intelligence from the cybercrime underground.
- Real-time targeted alerts – Automatic tracking and immediate notification of cybercrime threats specific to company assets.
- Advanced management capabilities – Users gain full control over their intelligence, enabling customised management of the organisation’s external threat landscape.
- Actionable intelligence – Provides specific remediation recommendations for potential threats to the organisation.
- Multi-user communication – Status filtering and a messaging board facilitate communication for organisations with multiple users.
- Singular data view – Featuring all available intelligence in a unified hub, providing a clear overview of the entire external attack surface.
- Collection in multiple languages – Efficient detection of cybercrime threats helps users maintain a reduced attack surface.
Technical Intelligence
How it works
- Collect Data – KELA’s automated cyber intelligence technology continuously collects posts, images, and other information in various formats from the cybercrime underground.
- Analyze and Extract – The collected data is analyzed to detect potentially compromised assets based on context and source credibility, resulting in an output of indicators, including IP addresses and domains.
- Normalize Data – The detected assets, their context, and MRTI properties, such as STIX, are shared with the users via KELA’s API in a structured, machine-readable format.
- Build Proactive Defense – Leveraging KELA’s Technical Intelligence to monitor or block access to detected compromised assets empowers users to remediate potential risks proactively.
Benefits
Easily integrate KELA’s machine-readable Technical Intelligence into your SIEM, SOAR, or any other security solution, by using the STIX format or any other available fields.
Protect your organization by getting real-time updates on compromised IPs and domains mentioned in cybercrime activity. Stay ahead of potential attacks by taking proactive countermeasures.
KELA’s real-time Technical Intelligence includes information from a wide range of cybercrime underground sources, ensuring that you have access to the most up-to-date and relevant intelligence on cyber threats.
Learn more about each threat by gaining a deeper understanding of the intelligence source and how the asset was compromised.
Threat Landscape
How it works
- Extensive Source Collection – KELA automatically and continuously collects intelligence from various hard-to-reach sources, including cybercrime forums and illicit markets, closed instant messaging channels, hacking repositories, and other cybercrime sources. The mass of data collected comprises hundreds of thousands of data pieces, such as posts and chatter, and includes text, images, and other metadata.
- Deep Analysis – Once automatically processed into a structured, readable format, the collected data is reviewed and analyzed by KELA’s Cyber Intelligence Center to identify any potential threats, trends, or patterns of suspicious activity.
- Strategic Data Made Accessible – KELA’s Threat Landscape module includes intuitive and interactive dashboards allowing executives to deliver high-level, finished intelligence reports with practical, strategic information, thus enabling informed decisions on the next steps.
3 Segments
Gain valuable insights into the latest cybercrime trends with our user-friendly dashboards. Our dashboards offer a comprehensive overview of APT (Advanced Persistent Threat) activity, ransomware events, and network accesses available for sale. You can easily view top threat actors, affected sectors, and geographic locations. Additionally, our dashboards provide detailed insights over a specific period of time.
Discover the latest happenings on the cybercrime underground with KELA’s finished intelligence. This segment provides detailed insights into events that have occurred over the past 24 hours. You can stay informed about each event and gain a better understanding of the evolving cyber threat landscape.
Stay ahead of cyber threats with KELA’s comprehensive finished intelligence feed. Our feed includes detailed information about a range of cybercrime events, including ransomware attacks, network accesses for sale, leaked databases, and emerging threats. You can also access intelligence insights and reports about the latest trends in the cybercrime underground. With our user-friendly interface, you can easily filter the data by date, sector, geographic location, TLP (Traffic Light Protocol), or category, allowing you to focus on what matters most to your organization.
Frequently Asked Questions
Threat hunting is a multi-faceted practice that takes a proactive approach to cyber security. It identifies potential threats in typically undetectable areas through intelligence gathering, specialised technologies, and expert methodology. The aim is to locate and conduct risk assessments on malicious actors that have gone unnoticed by traditional security measures.
Anyone can have vulnerabilities that make them susceptible to cybercrime. However, it’s often organisations responsible for processing and storing personal data that are most heavily targeted. Of these, SMEs and public bodies typically have fewer resources to devote to cyber security, making them more vulnerable.
The main way businesses can be affected by cybercrime is through reputational damage. Customers no longer feel the organisation can protect their data, and so doing business with them is perceived as risky. The result is potential losses in sales revenue.
The existence of cybercrime can also affect the way businesses operate, for instance through employee training and other forms of additional cyber security.