Cyber security and threat analysis have been evolving in much the same way that actual cyberattacks have evolved. As the attacks become more sophisticated, the defensive measures employed by companies must also become more sophisticated. One tool becoming much more important in protecting data is the Request for Information (RFI) service.
What are RFI Services?
An RFI capability combines multiple sources of intelligence and filters them through a client-specific data pipeline that delivers intelligence specific to an organization’s actual threats. This service recognizes that relevance and context are crucial. RFI services allow companies to investigate and analyze information coming from a number of different intelligence domains, such as cyber threats, fraud, third party, reputation, platform, and physical protection.
RFI services can be the key to protecting your company’s data because they go above and beyond providing generalized guidance and suggestions. RFI services are often more helpful than other services because clients can request specific information or ask specific questions that help them to address intelligence gaps. The service provider will often provide a curated response that incorporates many different dimensions of data and threats to the unique environment in which the company operates.
And this is where RFI services truly shine because, in many modern digital security environments, the intelligence teams lack the ability to combine all of this information into a finished intelligence report. They have the pieces of the puzzle but often lack the expertise and resources to pull all of the pieces together and deliver a comprehensive picture of the data ecosystem and its potential threats. And many threat intelligence resources focus on cybersecurity related to generic data lakes. While this approach can deliver trends and correlations, it lacks the unique perspective to identify threats to a specific organization. RFI services step in to fill this gap.
The Process of Completing an RFI
RFI service providers have to take an incredibly comprehensive approach to the intelligence related to a specific organization. But they generally focus on multiple dimensions, including:
- Monitoring: RFI services will look for Personally Identifiable Information, data leaks, unverified or leaked credentials, malicious IPs or domains, and online mentions of the company and vendors, including negative sentiments.
- Alerts: RFI services will also search, research, and investigate any alerts related to internal or external monitoring. This process can look different depending upon the results but may include open-source research, direct threat actor engagement, and technical signature analysis.
- Organizational Awareness: Report findings often impact multiple business divisions. Disseminating this information and any action plan to all relevant team members and business units is crucial.
And while this general outline provides the standard key items in an RFI, the process itself can be complex. Depending upon the threat, certain information may be required within days, such as after an attack event. In other instances, it may take longer than a month to complete the RFI process. However, timeliness is crucial no matter what the timeline is. Since threats evolve continually, the speed with which an RFI can be comprehensively executed is crucial. Still, it is not the only component in ensuring you select the right RFI provider.
Considerations When Partnering with an RFI Service
There are many factors to consider when you are looking for an RFI service. As mentioned, the speed with which they can conduct an RFI is essential – especially if you are responding to an attack. In achieving this, you want to partner with an agency with sufficient resources to hit the ground running and meet your time needs. Moreover, you will want to consider how frequently you want reports conducted. Some companies receive threat intelligence reports daily. The more time you spend on threat intelligence, the more you will be able to address any deficiencies, but it all comes at the cost of resources. And most companies have to balance their resources and threat requirements to identify an ideal timeline for updated reporting.
Additionally, any company looking for an RFI service will want to consider their other intelligence sources. Despite the RFI format being a finished intelligence report, it isn’t the only data or intelligence most companies will use. So, before selecting an RFI provider, you will want to consider what other intelligence sources you currently have and what you are missing. Generally speaking, you want to partner with someone who can fill in the gaps rather than supplement your current intelligence.
And filling in these intelligence gaps often relies on the service provider’s data collection strategy. Accurate and thorough RFIs have to have data from sources that the provider can access. And while it is impossible to identify all of the possible intelligence gaps, it is a good idea to identify sources that may yield crucial threat intelligence, such as:
- Closed sources, including private or invite-only forums
- Chat services and platforms
- The dark web
- Marketplaces, including illicit marketplaces
- Payment card and account shops
- Paste sites
- Domain registries
- Commercial data, people databases, and public records
- Social media
- Compromised hosts and botnet victims
- RDP traffic, open ports, scanners, proxies, spam domains, user agents
- Beacons, malware, banners, honeypots
- PDNS, mobile, ISP data
As you can see, RFI services address a wide array of threats across a defined scope. Consequently, this process requires many technical and analytical skills, including but not limited to analysis, forensics, engineering, networking, linguistics, sociology, and journalism. The culmination of these skill sets is that threats can be put into the appropriate context, and actionable items can be identified.
Because of the requirements of comprehensive data collection and analysis, it’s crucial to select an RFI service provider with the knowledge, skills, and expertise to complete all of these tasks within your defined time frame. With the right RFI provider, you can unlock the full potential of data and identify ways to protect your company in an uncertain environment.
To learn more about how robust RFI services can be the key to protecting your company, contact Sagacent Technologies today. Sagacent Technologies is a premier managed IT service provider in the San Jose area.