Creating sustainable threat intelligence report delivery
Kalles Group delivered a mechanism for actionable, timely, and open-source threat intelligence reporting to aid leadership in making critical security decisions.
The threat intelligence organization of a global software company was tasked with delivering actionable cyber threat intelligence to security teams, leadership, and engineering groups to help protect the company and reduce risk.
The organization was looking to research audience needs, experiment with reporting products, and create dissemination channels. As a young organization within a large company, the client did not have the capacity to devote to this effort and asked Kalles Group to do the heavy lifting.
The client wanted to pilot different reporting formats targeting several internal customers, and expand dissemination of intelligence reports while keeping the cost and resourcing low.
The three outcomes Kalles Group was charged with providing were:
- Actionable, timely, and open-source intelligence reporting
- Weekly technique-based reporting using the MITRE ATT&CK framework
- Quarterly and annual list of cyber threats impacting the company
Kalles Group worked to combine open-source cyber threat intelligence with the company's internal data, telemetry, and analysis. This combination of open-source and internal insights could be used to inform leadership on emerging threats and drive decision-making conversations.
The Kalles Group reports provided enriching and actionable context to enhance the decision-making process of the client's customers. Consolidation of information sources provided the client with products to drive critical security decisions.
Kalles Group also collaborated with the Program Manager to expand audiences reached and increase professionalized products and partnerships with the client organization. The work done by the Kalles Group team increased visibility for the client within the company, directly increasing the quantity of requests for intelligence (RFIs) the organization received.