ISO27001:2022 Compliance
ISO 27001:2022 Annex A, Control 5.7 introduces the importance of adopting a structured approach to threat intelligence. By understanding potential threats, vulnerabilities and exploits, organisations can better protect their information assets and mitigate cybersecurity risks effectively.
Organisations looking to rapidly satisfy their ISO27001 threat intelligence requirements can rely on Talanos’ meticulous documentation, policies and procedures to evidence their compliance.
Ask us about our partner pricing for MSPs
Talanos believe that every organisation, no matter their size, should be able to afford access to our Dark Web and Deep Web intelligence. If you're a managed service provider servicing small and medium enterprises, you could qualify for substantial discounts.
Actionable intelligence.
Consolidating data from multiple sources, Talanos analyse the data and triage the incidents to determine their impact and priority. If an incident is determined to be a true positive, the team will then work to neutralise the threat on behalf of the customer. Finally, the contained incident (and its associated data) are raised with the customer detailing the findings, steps taken to resolve and any additional recommendations based on observed issues and indicators. For example, we've detected instances where:
- Staff have been using their corporate credentials on third-party and personal websites
- The personal machines of end-users are compromised by malware, leaking their company data.
- Default and simple administration credentials are being used.
- Critical systems are missing multi-factor authentication.
- Malicious insiders are leaking intellectual property to competitors.
Intelligence gathering and sharing.
Apart from a number of paid intelligence sources, Talanos also directly gather information and intelligence from a variety of other sources:
- Access to a number of dark web forums and Telegram groups.
- Open Source Intelligence (OSINT).
- Closed and government threat intelligence forums.
- Vendor, industry and community based intelligence sharing.
Talanos also contribute anonymised threat intelligence to the communities to which we belong.
Understand your exposure, speak with our threat intelligence team.
We're working to embed our values into everything we do and our customers notice:
No surprises!
- Transparent pricing, no hidden costs and focused on measurable ROI.
- Streamlined and flexible contracting, ensuring ease of doing business.
Talented People.
- Exceptional people backed by robust security and quality delivery systems (ISO 27001 and ISO 9001 accredited).
- Passionate about cyber, demonstrated by industry-leading certifications and groundbreaking research.
Always There. Always Caring.
- Named analysts who become an extension of your team, offering expert advice and proactive recommendations.
- Global 24/7 team delivering resilience and diverse thinking, supported by regional teams for the local touch.
Questions
Frequently Asked Questions
What does Talanos do when they discover leaked credentials?
What does Talanos do when they discover leaked credentials?
Our process when discovering any vulnerability is to actively exploit it in a non-destructive manner that protects the confidentiality, integrity and availability of related data. The purpose is to evaluate the associated risk and assess whether the vulnerability has been previously exploited for malicious intent.
Explicit permission is gained from the customer beforehand to:
- Attempt to exploit known vulnerabilities in a non-destructive manner and;
- Attempt to login with breached credentials;
so that Talanos can evaluate the risk per discovered item and rate the severity of incidents raised.
Is your threat intelligence data sourced ethically?
Is your threat intelligence data sourced ethically?
Yes. The intelligence that is directly gathered by Talanos, including that from our Dark Web forum and Telegram group memberships, is gathered ethically. We never purchase data from illegitimate sources or participate in activities that would result in the compromise of an organisation's CIA of assets.