Cyber Threat Intelligence

Cyber Security Dec 14, 2022

Halodoc is a health-tech platform that aims to simplify access to healthcare by leveraging technology and ensuring seamless, convenient access to a comprehensive health ecosystem. As a health-tech platform, the security of Halodoc's information systems is paramount and must be managed systematically. To strengthen our information security posture, Halodoc has been implementing Cyber Threat Intelligence to improve overall visibility into the present and potential threats targeting the Halodoc ecosystem.

What is Cyber Threat Intelligence

Before deep-diving into Cyber Threat Intelligence, it is worth reading this well-known quote from Sun Tzu, a Chinese military general, strategist, philosopher and writer who lived during the Eastern Zhou period and is traditionally credited as the author of The Art of War, an influential work of military strategy that has affected both Western and East Asian philosophy and military thinking.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles”

Cyber Threat Intelligence follows the same principle in the context of cybersecurity: defenders need to know their own weaknesses and understand how attackers operate. By collecting, analyzing and classifying information and context about cyber threats, organizations gain a better understanding of present and future threats. This provides:

  • An actionable view to identify, measure and rank vulnerabilities in order to mitigate cyber risk.
  • Insight into the latest threat trends in the cyber threat landscape, building situational awareness for the organization.

To simplify our understanding, consider the following example of how "Information" and "Context" combine into intelligence data.

  • Information: data, names, places.
  • Context: dates, times, assets, infrastructure, locations, employees, behaviors, targets.
  • Intelligence: combining information with context allows us to piece together a narrative that directs or guides an organization to action.

Why is Threat Intelligence Important?

Threat actors are becoming more and more sophisticated in exploiting cybersecurity gaps. This is why threat intelligence is increasingly essential for protecting an organization's digital infrastructure and assets: it enables faster, better-informed decisions and shifts the organization's behavior from reactive to proactive in the fight against threat actors. A thorough understanding of the threat landscape also allows the organization to accurately identify and prioritize risk and to implement the right tools and techniques to respond to threats.

Types of Cyber Threat Intelligence

The following outlines the common types of threat intelligence, split into three main areas that offer context, attribution and action, and that together form a solid foundation for building a Security Operations Center (SOC).


TACTICAL
  • Description: Offers clues (without context and attribution): indicators, artifacts and other evidence (e.g. IOCs) on existing or emerging threats to organizational assets.
  • Sample use case: The SOC team uses Indicators of Compromise (IOCs) to detect or block emerging risks; the IOCs can be ingested into all security perimeters, e.g. SIEM, firewall, IDS, IPS, WAF, etc.

OPERATIONAL
  • Description: Applies context and attribution to enable action: observing adversaries to learn how cyber criminals and groups operate.
  • Sample use case: Explaining who is behind attacks, attacker motivations and how attacks are performed (TTPs) by creating or correlating context from vulnerability management, security advisories, IOCs, etc.

STRATEGIC
  • Description: Provides context and attribution to inform action: high-level information on cybersecurity posture, threats, the financial impact of cyber activities, attack trends and their impact on business decisions.
  • Sample use case: Third-party or supply chain risk assessment that potentially impacts the business.
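To make the tactical versus operational distinction concrete, here is an added example (not code from the original post or from Halodoc's platform) that matches constructed egress log lines against a constructed IOC feed, then enriches each hit with asset context to derive a priority for the SOC queue. The IOC values, asset inventory, log lines and the off-hours rule are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed tactical IOC feed (documentation-range values, not real indicators)
IOC_FEED = {
    "203.0.113.45": "ExampleBotnet C2",
    "evil-updates.example": "Phishing kit host",
}
# Constructed asset inventory: the "context" layer the post describes
ASSETS = {
    "10.0.5.12": {"name": "pharmacy-api-01", "criticality": "high"},
    "10.0.9.77": {"name": "dev-laptop-17", "criticality": "low"},
}
# Constructed egress log lines: timestamp src dst domain action
SAMPLE_LOGS = """\
2022-12-14T02:13:05Z 10.0.5.12 203.0.113.45 - ALLOW
2022-12-14T11:14:10Z 10.0.9.77 198.51.100.8 evil-updates.example ALLOW
2022-12-14T11:15:00Z 10.0.9.77 198.51.100.9 cdn.example ALLOW
"""

def tactical_matches(log_text):
    """Tactical layer: raw IOC hits with no context or attribution."""
    hits = []
    for line in log_text.splitlines():
        ts, src, dst, domain, _action = line.split()
        for indicator in (dst, domain):
            if indicator in IOC_FEED:
                hits.append({"ts": ts, "src": src, "indicator": indicator,
                             "threat": IOC_FEED[indicator]})
    return hits

def enrich(hits):
    """Operational layer: attach asset context and derive a priority."""
    for h in hits:
        asset = ASSETS.get(h["src"], {"name": "unknown", "criticality": "unknown"})
        hour = datetime.strptime(h["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
        off_hours = hour < 6 or hour >= 22   # UTC business hours; an assumption
        h["asset"] = asset["name"]
        if asset["criticality"] == "high" or ("C2" in h["threat"] and off_hours):
            h["priority"] = "high"
        else:
            h["priority"] = "medium"
    return hits

def triage(log_text):
    """Information (IOC hits) + context (assets) = intelligence, high priority first."""
    return sorted(enrich(tactical_matches(log_text)),
                  key=lambda h: h["priority"] != "high")
```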

What Is a Threat Intelligence Platform (TIP)?

Knowing where to find threats is becoming increasingly difficult, as threat actors use diverse channels that often operate through the surface web, deep web or dark web. Organizations therefore rely on a Threat Intelligence Platform (TIP), whose main capability is to leverage multiple data sources for collecting, organizing, analyzing and visualizing information about security threats, vulnerabilities and attacks relevant to the organization. The internal SOC team can then focus on investigating security data and prioritizing exploitable vulnerabilities instead of dedicating time and resources to collecting and managing threat intelligence data.

There are several TIP products on the market; see the Gartner link in the references. Below is a sample of the master dashboard menu of the TIP that has been implemented at Halodoc.

Threat Intelligence Platform (TIP) Use Cases

Cyber Threat Intelligence solutions can be used in a wide variety of ways, so it is important to identify the use cases that suit the organization's needs. The following use cases have been implemented at Halodoc by leveraging a commercial Threat Intelligence Platform (TIP).

Domain Abuse Detection
  • Search for or detect Halodoc domains.
  • Search for or detect Halodoc IP addresses.
  • Search for or detect Halodoc websites being cloned.

Digital Assets Monitoring
  • Search for or detect Halodoc brand or product names posted online.

Credential Leaks
  • Search for or detect Halodoc employee email addresses that are being leaked or peddled.

VIP Monitoring
  • Search for or detect mentions of Halodoc VIP employees.

Deep and Dark Web Monitoring
  • Investigate the deep and dark web, with emphasis on prolific criminal underground forums or marketplaces, for content related to the Halodoc organization.

Vulnerability Intelligence
  • Search for or monitor vulnerabilities associated with the Halodoc technology stack.
  • Search for or detect externally vulnerable IPs, ports and services related to the Halodoc organization.

Incident Response and Communication
  • Leverage regular threat intelligence reports to develop situational awareness of prolific security incidents and developments.
  • Detect and respond to cyber incidents.
  • Issue post-incident advisories to avoid similar incidents in the future.

Managed Services
  • Perform analysis of threat intelligence alerts.
  • Participate in regular Table Top Exercises (TTX) and the security incident management process for true-positive intelligence findings.
  • Provide ad-hoc support for heightened monitoring initiatives within Halodoc.
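As an added example for the Domain Abuse Detection use case (not code from Halodoc or its TIP vendor), the following screens newly observed domain names for lookalikes of a brand domain using confusable-character folding, edit distance and an embedded-brand check, so an analyst only reviews the candidates that survive. The brand domain, confusable map and list of observed domains are constructed assumptions.

```python
import unicodedata

BRAND = "healthapp.example"   # constructed brand domain, an assumption
# Common digit-for-letter swaps seen in typosquats; an illustrative subset
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def normalize(domain):
    """Fold accented/Unicode forms to ASCII and collapse common confusables."""
    folded = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    return folded.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND):
    """Return (verdict, reason) for a newly observed domain against the brand."""
    brand_label = brand.split(".")[0]
    label = normalize(domain).split(".")[0]
    if domain == brand:
        return "own", "registered brand domain"
    if normalize(domain) == brand:
        return "lookalike", "confusable characters"
    if levenshtein(label, brand_label) <= 2:
        return "lookalike", "typosquat (edit distance <= 2)"
    if brand_label in label and label != brand_label:
        return "lookalike", "brand label embedded in a longer name"
    return "benign", ""

# Constructed newly observed domains (hypothetical, not real registrations)
NEW_DOMAINS = ["healthapp.example", "hea1thapp.example", "healthap.example",
               "healthapp-login.example", "weather.example", "hëalthapp.example"]

def screen(domains):
    """Keep only domains judged lookalike, with the reason, for analyst review."""
    results = []
    for d in domains:
        verdict, reason = classify(d)
        if verdict == "lookalike":
            results.append((d, reason))
    return results
```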

Conclusion

Cyberattacks on businesses are becoming more frequent, targeted and complex; they not only disrupt business operations but may also cause reputational damage to the organization. Businesses should therefore consider implementing Cyber Threat Intelligence to improve their overall visibility of cyber threats. Leveraging a Threat Intelligence Platform (TIP) is one of the best options to consider: the platform collects information about cyberattacks from various sources to protect the organization and reduce the probability of damage from present and future cyberattacks.

References

https://crowdstrike.com/cybersecurity-101/threat-intelligence/

https://cyble.com/cyble-vision

https://en.wikipedia.org/wiki/Sun_Tzu

https://gartner.com/reviews/market/security-threat-intelligence-services

https://socradar.io/what-is-strategic-cyber-intelligence-and-how-to-use-it/

Join us

We are always looking out for top engineering talent across all roles for our tech team. If challenging problems that drive big impact enthral you, do reach out to us at careers.india@halodoc.com

About Halodoc

Halodoc is the number 1 all-around healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke. We connect 20,000+ doctors with patients in need through our tele-consultation service. We partner with 3500+ pharmacies in 100+ cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services, and to top it off we have recently launched a premium appointment service that partners with 500+ hospitals, allowing patients to book a doctor appointment inside our application. We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, GoJek, Astra, Temasek and many more. We recently closed our Series C round and in total have raised around USD 180 million for our mission. Our team works tirelessly to make sure that we create the best healthcare solution personalised for all of our patients' needs, and we are continuously on a path to simplify healthcare for Indonesia.

Dody Alfian

Cybersecurity Manager at Halodoc who enjoys the continuous learning process of determining the best way to protect data, systems and networks from potential security threats.