Brand Intelligence: The First Line of Defense for Threat Intelligence Teams

5 minute read

Threat intelligence is no longer reserved for large enterprises with 20+ person security teams. According to the latest Forrester Wave: External Threat Intelligence Services, Q1, 2021, “global security decision-makers now subscribe to an average of 7.5 commercial external threat intelligence services, which is up from an average of 4.2 vendors in 2018.” It is clear that the investment in threat intelligence has grown over the last 5 years across industries and organizations of all sizes.

Today’s digital threat landscape is vast and it can be overwhelming to know where to invest limited resources to effectively protect your organization and customers. Brand intelligence provides a first line of defense, focusing efforts on the specific assets and data related to your organization online that offer prime targets for cyber attackers. In this post, we will explore the emergence of brand intelligence and what organizations can do to protect their data, people, customers and reputation in our increasingly digital environment.

What is Brand Intelligence?

While Forrester and others have categorized many types of threat intelligence, brand intelligence is specifically focused on protecting an enterprise’s digital presence. Brand threat intelligence solutions collect and analyze data across public and digital platforms, including surface, deep and dark web, social media, mobile app stores and more with the unique focus on identifying risks to the organization’s brand, products and data. Typical use cases include impersonations of brands and executives, spoofed domains, account takeovers, phishing and fraud, credential compromise and data leakage.

Why Brand Protection and Intelligence Are a Security Challenge

The term brand has traditionally been associated with marketing. Growing brand awareness and fostering a positive brand reputation are important marketing functions, but as that promotion and reputation is increasingly defined by digital interactions, a security challenge has developed. From a security perspective, a brand consists of the digital assets and data associated with your organization that a customer engages with. These same assets and data are prime targets for bad actors looking to capitalize on your following online through impersonations, phishing attacks and fraud. 

When focusing on brand protection as a priority, a solution must encompass the identification and removal of impersonations (both corporate and executives), detecting and thwarting account takeovers, early discovery of breaches and quick remediation, hardening defenses based on early attack warning and more. Brand intelligence goes beyond gaining access to data and information to provide security teams with actionable intelligence not only to identify but disrupt attacks threatening the brand and enterprise. This involves analyzing multiple vectors of attack and integral response systems for immediate actionability.  

The Forrester report evaluated the 12 most significant vendors providing cyber, brand and vulnerability threat intelligence services. ZeroFox is not only included but is proud to be listed as a Strong Performer. Furthermore, Forrester designated ZeroFox as best in class for brand threat intelligence use cases and takedown services. 

That being said, our team of experts track and report on activity related to brand threats and have identified a strong correlation with the growth of external events. Due to the pandemic and social unrest, the increase in public surface attacks has resulted in a daily takedown request volume increase of 144% since March. Of the 4,025+ brands ZeroFox protects, we see over ten alerts a day on average, with roughly 8.36 million social media-related incidents over the past six months alone. Nearly 40% of the alert volume generated resulted in some form of immediate action, including automatic content remediation or a takedown. You can read more in the blog, “Turbulent Times Offer Bountiful Executive Impersonation Targets,” to explore this correlation further.

2H FY21 Alert Volume by Month for Brand Entities Across Social Media Data Sources
2H FY21 Alert Volume by Month for Brand Entities Across Social Media Data Sources
(Source: ZeroFox)

How Brand Intelligence Fits Into the Broader Threat Intelligence Strategy

As the need for threat intelligence has expanded, new players have joined the space with unique focuses on the three key requirements for external threat intelligence services that Forrester has identified: primary source intelligence, brand intelligence and vulnerability intelligence. The combination of these three solutions makes up a robust threat intelligence strategy, though organizations should focus on the category that meets the specific needs of their business.

  • Primary source intelligence. That is, “direct observations via incident response engagements and access to the sensors that observe threat activity.” 
  • Brand intelligence. Involves protecting brand reputation and an enterprise’s customer base. This includes not only the identification of brand risks but organic takedown services as well.
  • Vulnerability intelligence. Goes beyond simply passing on vulnerability information and focuses on “helping asset owners reduce the risk of vulnerability exploitation and application downtime.”

When it comes to brand intelligence specifically, the earlier an organization is enabled to intervene in the cyberattack kill chain, the better, as there will be more options available to control the outcome in rapid response. At a minimum, effective brand protection measures should: 

  • Monitor intelligence from attack planning chatter via dark web attacker forums;  
  • Continuously monitor for the staging of fake and potentially malicious domains as well as tactics to have them removed quickly;
  • Monitor for Authorization to Operate (ATO) owned social media accounts and remove offending content inline;
  • Correlate attack activity across Tactics, Techniques, and Procedures (TTPs), vectors, campaigns, as well as other vital elements; and,
  • Dismantle attacker infrastructure.

In the model below, you can compare a series of events and outcomes both with and without effective brand protection measures in place.

Join the Discussion and Hear from Forrester

Brand impersonations, leaked customer data, phishing and counterfeiting are on the rise; organizations must find ways to protect their external digital presence. Join ZeroFox on May 5th for a discussion with Brian Kime, Senior Analyst at Forrester, as we continue to explore the emergence of brand intelligence and what organizations need to look for when seeking solutions to protect their data, people, customers and reputation in our increasingly digital environment.

Brand Threat Intelligence: The First Line of Defense
Brand Threat Intelligence: The First Line of Defense

The Forrester Wave: External Threat Intelligence Services, Q1, 2021, will be available to those who attend. The full report details why ZeroFox received the highest score possible in the brand intelligence criterion, key evaluation criteria for external threat intelligence service provider considerations, and how ZeroFox compares to other threat intelligence vendors.

To learn more about ZeroFox’s threat intelligence solution, check out our video.


Subscribe to our Blog

Best practices, the latest research, and breaking news, delivered right to your inbox.