Healthcare leader matures its cyber threat intelligence function to better defend its patient-critical IT systems

Case study

Healthcare cyber threat intelligence team replaces fragmented processes with a centralized intelligence workflow – boosting efficiency, strengthening device security and maturing its CTI function.

The Challenge

A leading US-based medical technology company with a growing global footprint had recently established their CTI function. Still in its early stages, the team was small and relied on manual processes to collect and analyze open-source intelligence across multiple tools and platforms. This created a fragmented workflow, with analysts spending considerable time pivoting between datasets and assembling reports for over 20 internal stakeholders.

The lack of centralization led to inefficiencies and delays in the creation and dissemination of intelligence. Previous attempts to use news aggregators and platforms like Feedly proved to be inefficient, with the team finding themselves still using multiple platforms for their open-source intelligence collection. They needed a single solution that would help them to mature their CTI function, streamline operations and enable timely delivery of relevant intelligence – particularly around vulnerabilities in their technology stack and the security of internet-connected medical devices.

The Solution

The company selected Silobreaker to provide a single pane of glass for open-source intelligence (OSINT) collection, enhanced by access to deep and dark web data sources. Initial use-cases focused on cyber threats targeting the healthcare sector, including supply chain monitoring, vulnerability tracking and the identification of threats specific to their medical technologies.

Automated email alerts and exportable report templates helped reduce manual workloads and improve intelligence distribution to key stakeholders. Silobreaker’s AI capabilities have also played a crucial role. The team regularly uses the AI widget to accelerate research and leverages on-demand AI assistance for crafting high quality reports.

In recent months, the CTI team has prioritized the development of formal Priority Intelligence Requirements (PIRs). Using Silobreaker’s collaborative tools (including collections and in-platform commenting) they have built structured PIR workflows that allow them to track progress against defined intelligence needs. These tools have also improved internal communication, making it easier to triage findings and provide updates across the team.

The Outcome

With Silobreaker, the company’s CTI function now operates with greater efficiency, effectiveness and maturity. The platform is a key part of their intelligence lifecycle – from collection and analysis through to reporting and dissemination. The team currently produces reports on a variety of topics and can easily cater to the unique intelligence demands of each stakeholder. Ad-hoc reports are built directly in Silobreaker, and the team is currently looking at further expanding its use of automated email alerts, which require no manual input, to keep both the team and key stakeholders updated on new developments around areas of interest.

Key stakeholders, including the CISO and regional leads, are now receiving more timely and relevant insights – empowering the organization to better defend its patient-critical IT systems in a dynamic threat environment.

Company

US Multinational medical technology company

Company size

70,000+ employees

Solution users

CTI Analytics
Vulnerability Management Analysts

Industry

Healthcare