The Palantir team, combining cutting-edge technology, OSINT and HUMINT capabilities and high-level intelligence skills is able to collect, analyze and report on any type of digital information 24 hours a day, seven days a week. But this collection is only the beginning.
What does Palantir deal with and what is its added value within the Threat Intelligence overview?
Palantir Security was founded by industry-recognized Software & Cyber Security experts to provide Top-Notch professional services in Cyber Security & Cyber Threat Intelligence.
On tactical and strategic levels, we are trusted providers of security advice by large enterprises, leading software houses, and innovative start-ups.
The Palantir CTI team is on the hunt, with the ability to collect, analyze, and report on any type of digital information 24 hours a day, seven days a week. Combining cutting-edge technology, OSINT and HUMINT capabilities, and top-level intelligence expertise, our team of Cyber Security experts and Intelligence Analysts gather information from multiple sources, diving into the deepest darkest corners of the internet to expose hidden threats to our client's assets.
Information gathering and collection are just the beginning. Palantir Security's expertise in providing professional cyber security services enables us to offer a "security umbrella" with a wealth of knowledge while also engaging in ethical hacking, exploiting/simulating actual hacker activity based on the intelligence data gathered, and other sophisticated attacking scenarios would ensure resilience.
In the last year, Palantir partnered up with Cognyte’s Luminar Cyber Threat Intelligence (CTI) platform which enables SOC teams (e.g., CERTEGO) to run a proactive and analytics-driven CTI operation. With access to research capabilities, know-how, and threat intelligence repositories, SOC teams can accurately identify external threats, prevent attacks, and ensure resilience.
In anticipation of the Dora Act, how will the use of information for companies in the Finance world change?
Financial companies are deeply dependent on the use of information and communication technologies. Therefore, those companies are much more vulnerable to cyber-attacks or incidents. The DORA Act should ensure that all stakeholders in the financial sector have the necessary security measures in place to prevent or mitigate ICT-related cyber-attacks and other incidents. The DORA Act emphasizes the focus on third-party risk management and underlines the need to take a more holistic approach beyond internal systems. The DORA Act is intended to improve this situation by increasing regulation across colocation, cloud, and third-party IT service providers that work with financial entities. These requirements will be backed by the ability to impose strict fines on service providers. Regulators can also terminate contracts between financial entities and third-party IT services providers if they determine risk to the stability or security of the financial network. Financial companies will also have more responsibilities under the new act, these include implementing comprehensive business continuity and DR plans, incident reporting, resilience testing, and third-party risk management. Even though the Dora is yet to be passed, Companies should start working on compliance today. Palantir Security services can support organizations from GAP analysis to full solutions (e.g. Palantir CTI & 3rd party monitoring) implementation. We have the skills and experience to help our clients meet the requirements of the Dora Act.
How aware are companies of the risk they run with the exposure of sensitive data?
The major challenge I believe organizations are facing is defining what data is sensitive data. I do not believe organizations are unaware of the hazards associated with handling sensitive data. Anything from personally identifying information, such as Social Security numbers, to banking details to login passwords might be considered sensitive data.
When this data is accessed by a hacker as a result of a data breach, users are at risk for sensitive data exposure.
Sensitive data exposure features in the OWASP Top 10 web application for security risk and as such a great opportunity for hackers. Organizations must be aware of the sensitivity of the data they handle and the risks posed by failing to put the right systems in place to monitor the data under their control. We observe that as more organizations recognize the significant costs associated with a data breach, bad press, reputational harm, downtime, and data loss of their clients' sensitive information, they take the necessary security measures and adopt technology to secure it.
What is the hypothesis of damage if the risks of overexposing information are underestimated?
Organizations are having many processes and procedures to identify, assess and manage risk, and many have adopted an enterprise risk management framework. The covid 19 pandemic had an immediate effect on how the organization changed the ways employees work and brought with it new cyber risks. Without appropriate considerations, this could fundamentally increase the risk of cyber security attacks and data breaches.
How can the Penetration Tests and Assessments be used with the new Dora Act directives? How does Palantir fit into this scenario?
Palantir Security believes that our customers deserve the best, so we designed our service offering with them in mind. This ensures that we continue to create and maintain fully satisfied customers who receive personalized services from us that are tailored to our clients' needs over time (e.g., DORA ACT).
Years of industry experience have taught us the importance of keeping consistency and quality of service at the forefront of everything we do. To accomplish this, we developed and continuously refined a service working methodology with inherent quality control mechanisms that ensure our customers receive only deliverables that have successfully passed our stringent quality control gates and met the highest required technical standards.
DORA's primary goal is to ensure the financial sector's operational resilience. Companies must implement risk management processes to improve their cyber resilience. The Act establishes common standards for digital operational resilience testing in order to ensure that businesses are prepared when cyber threat incidents occur. The audit program should include a comprehensive set of appropriate tests, such as vulnerability assessments and scans, open-source analyses, network security assessments, penetration testing, and code reviews. Palantir offers a Cyber-Security Readiness program that ensures organizations have the necessary technological and organizational tools and methodologies in place to mitigate the risk of cyber-attacks, reduce the potential impact of such attacks, and increase client resilience.
Methodology for Palantir Risk Assessment and Pen Testing Assists in balancing changing risks and threat vectors with security controls and cost.
This necessitates a thorough understanding of critical assets in order to map out what should be secured and the business value in protection.
The PALNTIR Approach consists of several logical steps, such as defining key assets and technologies, conducting an assessment to determine the risk exposure profile, and continuing to develop a compliance roadmap.
Our Persistent Penetration Testing, VA scans, cyber threat intelligence (CTI), 3rd party vendor assessments, and Ethical Hacking assessments are given as part of a wider, continuous security solution designed to meet the requirements of the DORA Act.
What will the future of cyber security be like?
In today's more interconnected world, the COVID-19 pandemic's rapid adoption of remote work along with recent high-profile hacks have made cyber security a crucial part of daily life. An attacker may use automation, such as in self-driving automobiles, to their advantage.
It is time for enterprises to evaluate cyber risks and upgrade their cybersecurity framework in order to maintain resilient operations. It is more important to consider the organization's resiliency and recovery from a cyber-attack besides just if it is protected. Leadership must think more strategically about cybersecurity and cyber resilience while assessing potential cyber threats, comprehending various situations to be ready for new cyber disasters, and setting goals to increase cyber resilience.
