A Deeper Look at Visa and FireEye’s Threat Intelligence Portal

Rolling out over the next few weeks is Visa Threat Intelligence (VTI), powered by FireEye – the security intelligence platform designed for any organization managing payments. A video walkthrough of the VTI portal can be seen below, but we wanted to present the key types of Threat Intelligence – such as the FIN1 report we released today – that will be on offer, along with the Visa and FireEye teams behind the research.

At its core, this subscription service is designed so security analysts can receive and provide the latest cybercrime-related Threat Intelligence in one central location. The main hub of VTI – the ‘Briefings’ section – serves as an easy-to-use inbox for the latest information, and through the ‘Circles’ section, businesses can create private social channels for users to share Intelligence amongst their partners and peers.

VTI-powered businesses will receive three different forms of Intelligence produced collaboratively by FireEye and Visa, as well as additional information from industry peers and a curated list of third-party sources.

  1. ‘Threat Bulletins’ are daily short summaries of noteworthy crimeware and events that have been affecting the retail and financial sectors. The bulletins will also include new developments on underground forums and quick snapshots of other related activities.
  2. ‘E-Crime Reports’ are released weekly and will provide users with a more in-depth look at developments in cybercrime. This is largely original research, unlike the summaries of other relevant findings that users would expect to see in the ‘Threat Bulletins.’
  3. Once a month, subscribers will also receive a strategic report that chiefly focuses on a single aspect of cybercrime. Some of these will contain actionable intelligence and others will be more of an in-depth evaluation of a certain threat. Users may also be provided recommendations, as well as a look at trends and bigger picture issues.

Some trends that will be covered are emerging payments, how EMV rollout progresses, and how the risk environment changes as EMV becomes a bigger part of the U.S. market. There will also be coverage of mobile payments and POS malware, as well as various types of e-crime as it moves into new regions.

Additionally, some articles will be technical and include indicators of compromise that will be timely and useful at the operational level, while other articles will be more on the strategic side.

The ‘Circles’ section is where the social aspect of VTI comes into play. Users are automatically made members of the FireEye and Visa ‘Circles,’ but they are also able to create their own ‘Circles’ and join ‘Circles’ created by other users. This provides a private forum for users to share pertinent information with their peers.

It is simple to set up: Users who create a ‘Circle’ will get a code, then that code can be given to other users so they can join the ‘Circle.’ All members can share information. People with the same role at similar companies can get together to exchange content and indicators applicable to their subsectors.

Aside from content provided by users engaging via ‘Circles,’ VTI is driven by some of the best resources Visa and FireEye have to offer.

For FireEye, those resources include data recovered when Mandiant performs an incident response in the retail and financial sectors, as well as data that FireEye collects from appliances deployed worldwide. On Visa’s side, information is coming from Visa’s network and external sources. Visa’s indicators come from active investigations being performed by the Payment System Risk group, as well as from research performed by Cyber Threat Intelligence.

And behind all of this is a team of extremely talented individuals led by Nart Villeneuve, Principal Threat Intelligence Analyst with FireEye, and Gregory Carson, Senior Director of Cyber Threat Intelligence with Visa.

Nart has been split between focusing on APT groups and cybercrime since 2008. One of his biggest achievements came in 2010 when he released his cybercrime report on the Koobface botnet. Some of Nart’s other research has been in fake AV affiliate networks, ransomware and spam botnets.

Greg has years of experience with top financial services corporations. Currently, he leads a team that analyzes threats, manages vulnerabilities, and takes heaps of information and filters it into actionable intelligence. He has experience handling breach investigations from alert to litigation, as well as managing compliance.

Visa Threat Intelligence, powered by FireEye, will initially focus on offerings for U.S. customers, with rollout efforts in Europe and Asia to follow in 2016.