Cyber Threat Intelligence Services

Gain essential insight into how a threat actor may target your organisation with Rootshell Security’s continuous Cyber Threat Intelligence services. Implement fast, efficient, data-driven security strategy to fortify your security posture.

Let us Gather Actionable Intelligence for You

What is Cyber Threat Intelligence?

Cyber threat intelligence (CTI) enables your organisation to understand the potential threats and threat actors looking to perform malicious activities against your brand, employees, and customers.

Rootshell Security’s Cyber Threat Intelligence service arms you with the most relevant insights for identifying, mitigating, and preventing cyber attacks. We deliver this as a continuous service by providing you with monthly actionable reports.

Why is cyber threat intelligence important?

Your security strategy is only as strong as your cyber threat intelligence. Conducting cyber threat intelligence services will provide your organisation with a number of critical advantages.

View your threat intelligence alongside your other threat services

Prism is a vendor-agnostic platform to consolidate and manage penetration testing results, threat intelligence services, phishing assessment data, and traditional vulnerability assessments; allowing you to view your threat landscape and manage remediation within a single pane of glass.

Request Your Demo

What are the types of threat intelligence?

Our Cyber Threat Intelligence services utilise a range of important data sources. This includes the following types of cyber threat intelligence: Email Harvesting, Typo-Squatting, IP/Domain Blacklisting, and Compromised Account Harvesting.

Email Harvesting

Using public data sources, such as social media accounts, leaked email lists, or simply guessing, threat actors attempt to harvest your organisation’s email addresses for the purposes of launching email phishing campaigns.

We can use advanced open source intelligence (OSINT) techniques to establish how a threat actor could obtain your personnel’s email addresses, so you can gain visibility and mitigate your risk of compromise.


  • Thorough investigation spanning the surface, deep, and dark web
  • Harvesting using manual and automated OSINT techniques
  • Expert analysis and validation


Threat actors can register rogue domains that appear similar to those of genuine organisations. This is known as ‘typo-squatting’ and is used to launch a range of attacks, including phishing campaigns.


  • Cracks down on the registration of suspicious domains.
  • Continuous service offering greater awareness of attack indicators using early warnings and predictions of potential attacks
  • Investigates possible permutations of your domain that have been registered with ‘A’ records (IP addresses) and ‘MX records’ (mail addresses)

Domain Blacklisting

If your organisation’s internet infrastructure appears on bad-reputation lists, also known as ‘blacklists’, this could indicate infected or compromised corporate endpoints.


  • Regular analysis of a wide range of reputation lists
  • Leverages automation to quickly search and identify blacklist entries from hundreds of information sources
  • Rapid alerting when any nominated IP/Domains appear on our monitored blacklists

Compromised Accounts Harvesting

Usernames and passwords are regularly leaked on the web without users knowing. Threat actors can use these credentials to access your employees’ accounts, which could threaten your organisation. Our Cyber Threat Intelligence service continuously alerts you to compromised account credentials, so you can take action.


  • Regular analysis of a wide range of username and password lists
  • Leverages automation to quickly search and identify compromised accounts from multiple lists containing millions of username and password combinations
  • Rapid alerting when any nominated credential appears on our monitored lists
Discuss Your Threat Intelligence Requirements

How is security threat intelligence carried out?

We carry out our security threat intelligence process in the following steps.

  1. Scoping: We work closely with you to define the requirements for your cyber threat intelligence services, designing your service around your organisation’s goals.
  2. Gathering: We harness a range of automated and manual cyber threat intelligence techniques to collect valuable intelligence on potential tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs).
  3. Processing: We prepare our raw data points for analysis, such as translating information from foreign sources and evaluating it for relevance.
  4. Analysis: Once the data has been processed, we analyse it in line with your objectives.
  5. Reporting: We deliver monthly reports that provide a clear overview and breakdown of your insights. Our investigators provide a tailored analysis for your organisation and are on hand to give expert guidance.

Cyber Threat Intelligence and Incident Response

Cyber threat intelligence and incident response plans work hand in hand. Cyber threat intel plays a vital role at each stage of incident response.

  1. Preparation: Cyber threat intelligence helps you answer questions like ‘What sort of people would target my organisation?’ and ‘How would they execute an attack?’.
  2. Threat Detection and Analysis: On its own, an alert to a potential threat is not particularly helpful. Cybersecurity threat intelligence contextualises alerts, giving you the insight you need to take action.
  3. Containment and Eradication: Continuously tracking indicators of compromise (IOCs) empowers you to quickly identify and contain a breach.
  4. Analysis: Once the data has been processed, we analyse it in line with your objectives.
  5. Reporting: We deliver monthly reports that provide a clear overview and breakdown of your insights. Our investigators provide a tailored analysis for your organisation and are on hand to give expert guidance.

Why Rootshell’s Cyber Threat Intelligence services?

Our highly skilled and experienced team represent some of the best cyber threat intelligence minds in the UK, including ex-military counterintelligence.

  • Laser-focussed: We cut through the noise to deliver the most relevant, actionable, and tangible data that could lead to your organisation’s compromise.
  • Essential context: We help you understand the context and relevance of our findings, so you know exactly what action to take to protect your organisation.
  • Value for money: Our continuous service makes far better use of your budget than conducting one-off, isolated engagements.
  • Subject matter experts: Our in-depth knowledge of how threat actors operate, combined with decades of cyber threat intel experience, make us a trusted partner for your CTI requirements.
  • Continuous insights: Threat actors are constantly on the move — their techniques are ever-evolving. We deliver monthly cybersecurity threat intelligence reports so your organisation always has the upper hand.

Contact us today for Cyber Threat Intelligence Services

Let us Gather Actionable Intelligence for You