CYBER RECONNAISSANCE

You need more than

THREAT INTELLIGENCE
Cyber Reconnaissance gives you answers
GroupSense offers a risk-driven approach that aligns your intelligence program

to your unique risk profile and delivers actionable and relevant intelligence with

recommendations for risk mitigation.

AS SEEN IN:

Cyber Reconnaissance uses highly trained analysts, empowered by technology, to deliver GO RECON
threat intelligence specific to your digital risk.
 CYBER RECONNAISSANCE
CYBER RECONNAISSANCE DELIVERS
Get your threat intelligence not the world’s threat intelligence

RISK OPERATIONAL RELEVANT

INTELLIGENCE INTELLIGENCE THREATS
Your digital footprint is Get the truly actionable in- Get the threats that apply
putting you at risk. Iden- telligence you need, when to you. Get your threat in-
tifying and managing risk you need it. here’s simply telligence, not the world’s
has essentially become a too much to manage. High threat intelligence. Don’t
high-stakes effort of find- fidelity data comes from consume data that doesn’t
ing the needle (threats) in goal-driven intelligence apply to you. Get the
the haystack. collection. threats that apply to you.

THERE IS A BETTER WAY Organizations are

Threat Intelligence Isn’t a Data Management Problem. It is a Risk Intelligence Problem. overwhelmed by bad
Why make it harder than it needs to what fits you specifically. Then our
intelligence

be? The existence of a whole seg-
ment of platforms just to aggregate,
sort and prioritize this data is a clue
we’re on the wrong track.
There’s so much noise that we work
69%
analysts drive the collection from the
big data we’ve tamed and external Believe Threat
sources both OSINT and dark web. Intelligence is
We deliver the finished intelligence too complex
so you can act on it internally or we

harder filtering than collecting.
We need to turn the problem around.
Cyber Reconnaissance is goal-driven
threat intelligence. We start with
83
can act on it as the case may be.
Asking the machine the right ques-
tions and knowing what to do with
% Need another
tool to handle all
the answer is where we excel. the data

THREAT INTELLIGENCE HAS BECOME FRACTURED

Understanding threat intelligence has become a game of sorting through the buzzwords to get to
the real story. We believe you need to use people to direct technology, not the other way around.

Feeding machine readable IP addresses & indicators to

MECHANICAL appliances (firewalls, IPS, IDS, SIEM)
Required/Low Value

R1
YE
Scanning, monitoring, alerting & risk scoring of OSINT, dark web,
TECHNICAL
LA deep web, social media, behavioral analytics & mobile Operational Intelligence
R2 & Risk Management
AYE HUMAN-DIRECTED Analysis & investigations for finished intelligence. Directed
L cyber intelligence (M&A diligence, 3rd party, risk management)

R3
AYE GEOPOLITICAL Nation-state intelligence for strategic espionage, APT
Important/Not Relevant
L investigation & bad actor attribution
R4
YE
LA
HUMAN-DIRECTED

Cyber Recon Our Tracelight platform is a Then our analysts drive the
TECHNICAL

highly automated, cloud-based collection from the big data we’ve

Merges the infrastructure performing

advanced, real-time data
tamed and both OSINT and dark
web. We deliver the finished
collection from the surface, deep intelligence so you can act on it
Operational Layers and dark web. internally or we can act on it.

4040 North Fairfax Drive, Arlington, VA 22203 | +1-877-469-7226 | sales@groupsense.io

 RECON RESULTS

THREAT INTELLIGENCE AS A SERVICE

• Dark Web Monitoring
• Phishing Protection
GroupSense offers seamless integration into both your security and business
processes. Simple to buy with zero lift. • Threat Assessments
• Mobile Application Fraud

Expert Analysts Curated Threat Intelligence

• Brand Protection
Top-shelf talent on your team Your dark net & deep web threats
• Fraud Protection
Relevant Monitoring Complete Capabilities • Finished Intelligence
Automated and continuously refreshed Maximize your investment
• Intel Program Development
Client Success Manager Dedicated Tech Manager
Your project manager on call Technical manager on call • Geopolitical Analysis
• M & A Cyber Diligence

INTELLECTUAL PROPERTY BRAND PROTECTION

A U.S. manufacturer with production in China had ongoing espi-
onage at the assembly line level. IP, trade and corporate secrets
were being sold on international underground markets.
GroupSense Results:
• Developed Prioritized Intel Requirements (PIR) to receive
any indicators and triggers.
• Infiltration of foreign forums and began automated harvest-
ing of transactions.
Success: Any IP for sale immediately tracked & reported.
A threat actor used social media circulate fraudulent survey
leveraging customer’s brand to collect unsuspecting customers’
PII and distribute malware.
GroupSense Results:
• Monitoring detected fraudulent domain and social media
posts. Initiated takedown of both.
• Notified customer with intelligence about threat actor,
methods and intent.
Success: Brand protected & customers protected immediately.

COUNTERFEITING EXECUTIVE PROTECTION

Top pharmaceutical company with multi-billion dollar IP assets.
Of course, the secrecy of drugs is critical before launch and
counterfeit drugs dilute product value.
GroupSense Results:
• Developed Prioritized Intel Requirements (PIR) to receive
any indicators and triggers.
• Infiltration of illicit and counterfeit drug forums & automat-
ed harvesting of transactions
Success: Customer alerted as IP was discussed.
Executive was target of doxing campaign by anonymous sub-
group that initially targeted a family member.
GroupSense Results:
• Real time collection of paste sites and dark web forums
allowed for real time visibility to unfolding campaign.
• GroupSense immediately notified customer and proactively
provided campaign updates and intel on new exposures.
Success: Reset executive’s accounts and assist in identity
protection for executive and family.

THIRD PARTY RISK BREACH RISK

A large organization received an email from a threat actor claim-
ing to have source code and database contents of the compa-
ny’s European business.
GroupSense Results:
• Threat actor was verified and tracked as a subcontractor of
a contractor.
• With all the information provided, the client was able to
make sound decisions on how to pursue this case.
Success: Saved time, money & provided a complete answer.
A full SQL data dump of a state’s Department of Financial Regu-
lation was detected on a malicious forum on the dark web. The
file dump needed to be analyzed to identify for threats.
GroupSense Results:
• The information discovered led us to believe the threat
actor group was the responsible group for this breach.
• We determined it was an old backup of the Drupal database
for the Department of Financial Regulation.
Success: Threats were contained and continued to be tracked.

4040 North Fairfax Drive, Arlington, VA 22203 | +1-877-469-7226 | sales@groupsense.io

 RECON PRODUCTS

CYBER RECONNAISSANCE PRODUCTS

Cyber Recon Delivers Better Threat Intelligence
DARKRECON BREACHRECON ALLYRECON VIPRECON
Monitoring deep, dark Monitoring and alerting Assess the risk footprint Digital risk monitoring of
and surface web to of third party data and security posture of key personnel with
detect exposure of your breaches impacting your key business relation- telemetry and risk
sensitive data, secret employees’ emails, us- ships to get a handle on metrics. It provides broad
projects and initiatives, ernames, and personally external risk introduced coverage of social media,
privileged users, critical identifiable information. through your extended deep and dark web, as
systems, IT infrastruc- attack surface. well as physical threat
ture, and more. assessments.

TRACELIGHT: STREAMLINING RESEARCH AND ANALYSIS

Tracelight is a cyber reconnaissance platform centralizing threat intelligence from deep and dark web data, threat actor tracking, attribu-
tion and the world’s largest breach database into a single location. Supported by rich investigative and analysis capabilities, intelligence
analysts can respond faster with comprehensive and actionable advisories.

AUTO & MANUAL DEEP/DARK SOCIAL MOBILE APP OPEN SOURCE CUSTOM
INFILTRATION OPEN WEB MEDIA MARKETPLACES TOOLS SOURCES

Tracelight provides enriched data from millions of sources, as well as tailored access for customer-specific use cases. The system contin-
uously collects new data and provides timely alerts on important findings. Supercharge your threat intelligence with:
• 5+ years of historical data • Closed forum infiltration
• Crawling of illicit forums and other sites on the • Threat actor tracking and research
deep and dark web • Attribution

ABOUT GROUPSENSE
Actions are louder than words. We are changing the way cyber intelli-
gence is delivered and put into action.
GroupSense is a leading provider of cyber intelligence services. Group-
Sense is not a feed, or a search engine for the dark web. GroupSense
are people, empowered by proprietary technology, helping information
security and intel teams realize value.
We are trusted by governments worldwide to assist in cyber intel
program development, election monitoring, and anti-fraud and risk
measures.
GroupSense tracks known and suspected threat actor and groups,
publishing research. Our team reaches out to affected organizations
regardless of customer status.

4040 North Fairfax Drive, Arlington, VA 22203 | +1-877-469-7226 | sales@groupsense.io