The Red Trident ICS/SCADA Threat Intelligence Team is dedicated to identifying threats against ICS/SCADA systems and business networks within the Oil and Gas, Manufacturing, Petrochemical, and Utilities sectors. We are dedicated to providing strategic, operational, and tactical intelligence about threat actors, whether they are Advanced Persistent Threats, eco-terrorists, or emerging threats with unknown capabilities. We look for motivations, intent, capabilities, and methodologies in order to enhance your security posture. We can quickly help you identify threats against our industries, so that you can prioritize your vulnerability management. This can significantly reduce the amount of resources that you have expend to protect your environment.
Advanced Persistent Threat Research – One of the biggest concerns in the ICS world is becoming a target for an Advanced Persistent Threat (APT). Monitoring these threats is a huge undertaking, and is very manpower intensive. RTI’s Threat Intelligence team is dedicated to monitoring these threats, and can quickly pass along information that may affect your security posture.
Insider Threat Research – The most immediate and credible threat to your ICS and business networks is the Insider Threat. Whether it’s a non-malicious person why is just messing around in the network, or a person who is leaving the company soon and stealing intellectual property, or someone who is clicking any link that is sent to them in an email, these types of threats can be identified and mitigated. RTI’s Threat Intelligence team can help you identify these threats, and work through solutions.
Access to the RTI Threat Intelligence Portal – On-demand Malware analysis through our sandbox, as well as access to the entire collection of our intelligence products. A searchable database enables research capabilities based on information collected by RTI, or donated (anonymously) by clients.
Cross Industry Cyber Threat Reporting – RTI Threat Intelligence Reports on ICS and business network threats in industries that are relevant to your industry. Oil and Gas, Petrochemicals, Energy, Water, Waste Management, Manufacturing, and several other similar industries are reviewed for threats that can affect us all.
Threat Management – Most companies have dedicated efforts towards vulnerability management, which is a great start! If you’re not looking at threat management, then you may be spending money on shoring up vulnerabilities that don’t have any active threats. RTI’s Risk Based Threat Intelligence compares threats to vulnerabilities, and helps you refine your prioritization. This can help you significantly reduce the amount of time and money that you’re spending on your programs.
Weekly Summaries – Yes, you get plenty of these, and they normally just end up in your delete box, BUT you won’t want to do that with these. We will provide you with relevant, useful, actionable intelligence so that you can make quick changes to your environment, and improve your security posture. Our weekly report, which we’ve named the VuRTIS is a concise report with information specifically about threats to our industries, and security trends that may affect YOU. When possible, there will be an additional page dedicated to providing specific Indicators of Compromise (IOC) that you can use to enhance the security of your networks. It will include an CVEs that were released during the week that specifically relate to you, and any bad IP addresses, domain names, examples of active phishing attacks, etc. No Fear, Uncertainty, and Doubt (FUD), no BS, nothing that you can’t use. You’ll actually read this weekly, and ask for more.
Quick Reaction Reports – Highlights impending or currently ongoing attacks against one of our clients or within our industry in general. These will be “initial indicator” reports to alert you that something may be happening, and how it could affect you. We will try to get these reports out as quickly as possible, with all of the information that is available right that second.
Threat Actor Targeting Alerts – Customized searches and alerts to help you learn more about any open source intelligence threat. RTI’s team of analysts will be standing by to help you research information, analyze situations, and help you make changes to your environment and security posture.
Tactical Level Indicator Research – Our clients and partners can send potential Indicators of Compromise to RIT’s threat intelligence team for research. Our team will determine if they are known indicators, and try to formulate risk mitigation techniques based on the client’s architecture.