Many in the marketplace today serve up data and information as intelligence. They focus almost exclusively on collection and collection feeds to some sort of visual tool that presents pictures of links, some with trends and a few with patterns and tendencies. They call this analyzed intelligence. However, we know that intelligence analysis requires significant skill. These are skills that almost all do not have since they do not recognize what intelligence analysis really is. Treadstone 71 is experienced and skilled at intelligence analysis. Our methods followed traditional structured analytic techniques that require patience, perseverance, aptitude, and skills. Attributes highly sought after in the industry but seldom found. Treadstone 71 drives research and extracts data from both the surface internet and the darknet.

• Treadstone 71 uses analytic tradecraft and standards, including alternative analysis, new analytic tools, and techniques, driving collaboration amongst collectors/researchers, analysts and stakeholders.
• Provide stakeholders with collaborative and transparent views of our analysis.
• Prepare stakeholders, principals, and clients with the intelligence needed to make decisions.
• Use subject matter experts to fill collection and analysis gaps.
• Treadstone 71 helps you determine the state of the collection, analysis, or intelligence operations resource gaps.
• We develop and publish intelligence that identifies and formulates strategies to mitigate gaps; advise stakeholders of gaps, mitigation strategies, progress against the strategies, and assessment of the effectiveness of both the strategies and the closing of the intelligence gaps.
• Treadstone 71 helps your intelligence team Influence organizational policy development and strategy implementation for information security, risk, and governance.
• We develop analytic production strategies in concert with your cyber threat intelligence team ensuring the examination of major shortfalls on your target areas of responsibility within a collaborative community of interest.
• We assess, evaluate, and determine the state of analysis by assessment of the quality of analysis and ensure you conduct competitive and alternative analysis on high-priority topics.
• Identify research and developmental opportunities to defend, advocate for, and institute justifications for continued, additional or dedicated funding.
• We help you liaise with internal intelligence communities to drive greater intelligence integration, perform outreach, and give resources and priority attention to targets.
• We direct and oversee advocacy initiatives to integrate and optimize contributions from current and planned technical, analytic, and openly available sources.
• We enable you to manage a professional staff in successfully defining and managing complex programs and projects that may include ill-defined requirements, ambiguity, parallel tasks, multiple dependencies, high risks, and multiple interfaces; ensure timelines, costs, deliverables, and the achievement of defined outcomes according to approved plans.
• Treadstone 71 teaches and trains you to strive for superior analytical and critical thinking skills, including the ability to think strategically and identify needs, requirements, and develop innovative recommendations and solutions for improvement.

Treadstone 71 Collection and Analysis is not compartmentalized but directly engaged as a single unit. Continuous feedback loops and constant communication ensure rapid changes to collection plans and advanced adversary targeting.

Contact us now to learn more about our annual retainer services tiered for the level of support you need. Treadstone 71 Research, Analysis, and Reporting retainer services provide contextually detailed reports and assessments based on your intelligence requirements and stakeholder needs. We shift quickly. We do not change order you to financial ruin. We deliver intelligence and not daily news.

• We research sets of standardized queries related to cyber threats for clients on a regular basis (daily, weekly, monthly, quarterly) while producing (peer-reviewed) finished intelligence reports addressing priority intelligence requirements.
• We provide full cyber intelligence lifecycle support from stakeholder interfaces and management, intelligence requirements definition, collection and research management, planning and execution, data and information production, structured analysis, analysis, and analytic writing and delivery.
• Track intelligence trends across industries and technologies and generating effective and efficient ways to collect and analyze.
• Proactively monitor and analyze the cyber battlefield and the assessment of intelligence risk and applicability to the client.
• We model and analyze the likelihood of emerging threats defining their motivation, impact, and capabilities relative to the organization.
• We author intelligence advisories, estimates, warnings, executive and strategic reports, and briefs with recommendations to risk and technology team.
• We enable intelligence sharing and engage with other functions providing input and requirements to influence threat mitigation strategies.
• Collect and analyze information from various sources, including open-source reports, information sharing partners, and intelligence vendors.
• We synthesize findings to assess adversary threats to the organization.
• We develop global technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs) while leveraging 30 years of expertise to identify novel techniques and their ability to bypass common security controls.
• Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to your business.
• Conduct trending and correlation of cyber intelligence for the purposes of attribution and set up strategic countermeasures.
• We create procedural, intelligence-driven internal, and external interfaces with stakeholders and teams building RACI models and clear methods of communication.

We collect - We organize - We decompose - We prioritize - We analyze - We think - We report - We deliver - Iterative lifecycle methods incorporating objective analysis with intuition and structured methods of analysis - Since 2002

• High Wealth Intelligence Assessments, Monitoring, and Remediation
• Cyber Intelligence Attack Surface Assessment
• Targeted Adversary Research - Research, Warning, Estimative Reporting
• Targeted Adversary Mitigative and Retributive Operations
• Information Operations
• Anonymity and Persona Development
• Corporate Leadership Attack Surface Assessments
• Corporate Attack Surface Assessments
• Customized Targeting and Reporting / Monitoring
• Culturalnomics - Social-Linguistic-Political-Religious Subject Matter Expertise
• Deception Planning and Management

Treadstone 71 is your source for Analysis as a Service. We do collect. We do organize and produce but our specialty and focus is on intelligence analysis. Many indicated that they analyze intelligence. Treadstone 71 produces intelligence after analyzing data and information. We create bottom-line-up-front recommendations and opportunities – actionable intelligence. Our process is rigorous yet flexible. Our objectivity upheld as a baseline ethos of the methodology.

Treadstone 71 provides liability free, cyber intelligence services to select clients. We will help you improve your security posture, enhance business acumen, investigate adversaries, verify and validate sources, assess the high value and high-income targets, or examine areas of compromise and exploitation. We use honed cyber intelligence and analysis tradecraft to define and execute priority intelligence requirements from operational planning through campaign execution.

The Treadstone 71 Analysis as a Service you will not find elsewhere. If you are searching for intelligence analysts, come to the shop that focuses on analysis. Uncluttered, focused, skilled – Treadstone 71 Analysis as a Service.

Below is a short listing of our Targeted Research Services:

• Baseline and foundational research customized to client requirements.
• Deep-dive intelligence reporting covering cyber threats that are target centric.
• Adversary reports covering detailed assessments of threat actors, TTPs, patterns, timelines/chronologies
• Strategic Intelligence Assessments covering business risk issues targeting senior level stakeholders assisting in their decision-making process.
• Onsite General Intelligence Briefings on current events, actors/adversaries
• Onsite Customer Intelligence Briefings on targeted topics which may include STEMPLES Plus and Indicators of Change
• Onsite Report Clarification Briefings - General and Customized by Bronze/Silver/Gold
• Sensitive Intelligence Briefs (TLP Orange and Red)

Please complete the Contact form to receive the Data Sheet

CyberIntellipedia

This wiki is an online system for collaborative data sharing built and used by Treadstone 71 to aid in building Cyber Threat Intelligence programs while establishing intelligence sharing and communities of interest. The Treadstone 71 Cyber Intelligence Training Courses led to the establishment of CyberIntellipedia, a wiki consisting of multiple sections covering strategic planning, policies, procedures, templates, taxonomy, examples, dossiers, finished intelligence, estimative intelligence, open-source tools, adversary research, process flow diagrams, reporting, analytic tools and methods, threat intelligence TTPs, and more. From job descriptions and C-Suite presentations to cyber intelligence maturity models and threat matrices, Treadstone 71 is now selling the CyberIntellipedia to the public beginning December 20, 2019. Initial access is screened with tiered pricing. Tiered pricing includes full access to access to the forum area. We are seeking beta testers to participate in the review at discounted pricing.

CyberIntellipedia aligns with the Treadstone 71 Cyber Intelligence Training Courses including aspects of cyber intelligence tradecraft and cyber counterintelligence tradecraft. The wiki follows the intelligence lifecycle providing in-depth documentation for each aspect of the iterative process. We continue to enhance and build CyberIntellipedia including adding a historical cyber adversary component covering attacks, adversaries, their methods, tactics, techniques, and procedures indexed for rapid search.

CyberIntellipedia delivers the tools necessary to build a sustainable program. The wiki gives users access to twelve years of effort demonstrating proven success for cyber threat intelligence strategies, operational efficiencies, tactical methods, and technical alignment. Organizations pay hundreds of thousands of dollars over years of labor to establish what is in the Cyber & Threat Intelligence Wiki - CyberIntellipedia. With guidance and time-based direction, clients can build a complete intelligence program, educate stakeholders, staff, and leadership, without the usual massive outlay for time and materials, and commitment to constant consultant change orders.

The core functions of the CyberIntellipedia are:

• Enable organizations to quickly understand, adapt and adopt standard cyber intelligence community concepts while pragmatically incorporating cyber intelligence program build solutions incorporated in the wiki.
• Information Sharing and Safeguarding— improve collaboration while protecting information.
• Leverage Cyber Intelligence Training from Treadstone 71
• Consolidate existing and future intelligence requirements into an effective and efficient cyber and threat intelligence ecosystem to enable greater intelligence integration, information sharing, and safeguarding.
• Provide the intelligence workforce with discovery and access to information based on mission need to deliver timely, tailored, and actionable information.
• Nurture a culture of innovation and agility that advocates the sharing of ideas and resources adaptable to the changing environment and promotes best practices across the intelligence groups.
• Prioritization of threats that influence which potential threats get addressed by security organizations and how network security resources are allocated.
• Collection management is streamlined, and organizations can better communicate their requirements to partners and stakeholders.
• Cyber threats are widely communicated to the organization, integrated with other intelligence functions, and stakeholders are aware of the most relevant threats.
• Cyber threats are proactively monitored and prioritized, with updates available to inform stakeholders and leadership.
• Analytical production aligns with organizational goals, priority intelligence requirements, emerging threats while maintaining awareness of geopolitical and socio-cultural events that impact the cyber environment.

Why the CyberIntellipedia Wiki?

Wikis are about as simple as can be. That simply means that people find them easy to use, just like e-mail and blogs. Like e-mail and blogs, wikis also perform a very useful service in a simple way. A wiki allows a community of interested people to enter and communally edit shared data. Although the documentation included in the full package is open for peer review and suggested changes, that documentation is under the auspices of Treadstone 71. Customers may wish to license the complete CyberIntellipedia library for their own use. Treadstone 71 has a model in process for such a need. Our hope is for the cyber intelligence community of interest represented in CyberIntellipedia to present fundamental principles that guide the understanding of cyber & threat intelligence. Through open intelligence sharing, trusted users may wish to assist in coordinating proactive action towards common community objectives. The market is full of technologies driving technical solutions. CyberIntellipedia is a labor of love that is a full-spectrum, cyber & threat intelligence product designed as an in-depth knowledge-base gleaned from years of hands-on experience.

• CyberIntellipedia an overview of cyber and threat operations, operational design methodology, and planning, and execution.
• CyberIntellipedia includes a review of operational design doctrine and applies these principles to the cyber domain.
• CyberIntellipedia descriptively and prescriptively defines the cyber intelligence planning process and identifies intelligence lifecycle operations planning concerns.
• CyberIntellipedia provides an overview of cyber and threat intelligence programs, plans, operations, adversaries, and more taken from ten years of direct support to global clients.
• CyberIntellipedia includes case studies directly focused on cyber and threat intelligence operations.

Treadstone 71 is making the CyberIntellipedia available for public purchase beginning as a trial (December 2019) to iron out the kinks. Stay tuned for more information or contact us expressing your potential level of interest. For a complete, full-scope solution, see the Treadstone 71 Lifecycle product Conscientia.

Treadstone 71 - Serving you since 2002.

We See What Others Cannot

We are nothing like competitors who are rooted in defensive posture actions with a pedigree in reverse engineering malware and providing defensive solutions for that malware, and just plain do not understand what intelligence is and is not. Most come from anti-virus firms, information security companies, law enforcement, and many with backgrounds in incident response and security operations. What we provide is a complete focus on intelligence rooted in traditional tradecraft and fully integrated and adapted for the cyber environment.

We build cyber and threat intelligence programs rooted in the intent and capabilities of delivering data, information, and intelligence that forecasts and estimates adversary actions. Intelligence, that enables leadership, business units, and security functions to prepare and prevent malicious activity against your most important systems and information.

Established in 2002, Treadstone 71 is a pure-play cyber intelligence company. The programs we build span technical and tactical intelligence through operational and strategic intelligence facilitating internal and external communities of interest.

• we help you improve your incident detection, prevention, and response developing feedback to improve your cyber defenses
• we assist you in using you threat intelligence to help automate security operations and remediation actions enhancing your operational tradecraft<
• we guide you in the building of a centralized threat intelligence service that guides cybersecurity activities of other organizational units
• we drive efficiencies and effectiveness in risk management<
• we operationalize your threat intelligence from little to no processes to mature procedures, standard operating procedures, and workflows
• we ensure integration between all things PESTELI +R+E+ and existing technologies in your SOC
• we ensure you understand how to define credibility and relevance of your threat intelligence feeds that leads to truly actionable intelligence
• we assist you in understanding your attack surface and online footprint from websites to social media to the darknet creating new opportunities for targeted intelligence collection
• we help identify, infiltrate, and track adversaries providing information where and when possible to prevent attacks
• we understand geopolitical factors that helps prepare your cyber environment for current and future contingencies
• we learn the priorities of your adversaries and help you define a more assertive cyber posture for your organization
• we tailor strategies and programs based upon your organizational needs and the needs of leadership
• we teach and embed cyber intelligence tradecraft in your organization that is lasting following structured techniques proven in the intelligence community
• we educate and drive situational awareness through table top exercises based upon proven military methods adopted for commercial organizations
• we identify adversary front companies, their means, motives, and targets
• we look at adversary’s skills, motivation, maliciousness, types of adversaries, level of automation and rate, informational impacts, targets, defensive measures, adversary course(s) of action, operational impact, line of business impact, and attack vectors
• we create and maintain a presence on their virtual soil using virtual HUMINT methods to help identify your attack surface, your digital footprint
• we know methods of collection, organization/production, structured analytic techniques, how to determine source credibility, communicate gaps and confidence levels, analyze using standard methods of inference, deductive and inductive reasoning, apply clear process for critical thinking, and deliver product in standard analytic writing methods that is clear and concise
• we have been penetrating adversary sites, forums and social media since 2004 using both active and passive methods of cyber engagement – we have been in business since 2002
• we listen