Threat Intelligence – Knowing your opponent.

By July 23, 2021 No Comments

*By Gabriel Castro

It is very common in the cyber security scenario for teams to have detections that focus on the tools and arsenals used by opponents and forget that there is human factor associated with intentions. This confusion fails to take into account the goals, procedures and objectives of the associated criminal groups. Not having knowledge about your opponent can lead to uncertainty about detection ability.

The media exposes news such as "Emotet returns after an absence of five months", "ransonware: The Virus at Scale that Stopped Businesses Worldwide,” always focusing on malware itself doesn't answer questions like “What do opponents want to do to you?” or "The reason they chose you as a target?"

The purpose of this introduction to Threat Intelligence is to ensure a change in thinking so that by just saying that "a malicious tool has been identified on a server", we can identify "an adversary that uses specific malicious tools for the purpose of moving the environment, with the objective of avoiding attribution”. This kind of approach will highlight what you really do with your security technologies and will help you understand your defense capabilities. We need to make it clear that a vulnerability is a flaw in a software component that causes its use to shift the focus from which it was designed. Vulnerabilities they are not threats but opportunities for an adversary to deal with its victim, the human is the threat.

“If you know the enemy and you know yourself, you need not fear the outcome of a hundred battles. If you know yourself but not the enemy, for every victory won you will also suffer defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

― Sun Tzu, The Art of War

— Gabriel Castro is a Cyber Security Specialist at SAFEWAY


 THE SAFEWAY is an Information Security company, recognized by its customers for offering high added value solutions, through Information Security projects that fully meet business needs. In these years of experience, we have accumulated, with great pride, several successful projects that have earned us credibility and prominence in our clients, which constitute in large part, the 100 largest companies in Brazil.

Today through over 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Safeway can help customers better understand their Information Security needs, as well as the tools needed to detect, respond and mitigate their risks involving threats and regulatory issues. In this way, our professionals and expert consultants can help eliminate small problems before they become big ones. Security, Vulnerabilities and Fraud Management actively analyzes your company's security through monitoring activities, mitigating risks and attacks in the IT environment.