Clients of all sizes, from big to biggest
Qintel's data and products have been leveraged by organizations all over the world with spectacular outcomes.
Clients stay with Qintel over the long haul, thanks to the consistent wins and value they derive from the relationship.
So much data, so many use cases
With a data repository like Qintel’s, customers have the luxury of using it to successfully attack disparate problems. Here are some of the various ways in which customers have leveraged Qintel’s products.
- Physical Security
- ID Management
- Business Intelligence
- Intel Management
- Case Management
- Security & Operations
- Discover Fraud
A customer was able to vet interns and new employees against Qintel data, and some candidates were found to be engaged in activity that could have posed insider threat issues.
A long-time client used Qintel’s data to vet visitors to its facilities and discovered that a member of a cyber crime community known for recruiting insiders to access customer information had visited the company’s campus. Qintel also discovered additional visitors with nefarious cyber crime backgrounds whose physical access as visitors posed a risk to the organization.
Most new account signup fraud is perpetrated using proxies and newly registered emails. Using Qintel’s data, clients can detect about 80 percent of emails used by “normal” Internet users (in other words, flag emails that have no history) and determine if the IP address is a proxy. This data can provide positive and negative signals for clients to make risk-based decisions on the new account (such as adding additional checks, limiting activity, etc.).
This insight has saved Qintel eCommerce customers millions of dollars in chargeback activity.
For users with data in Qintel’s systems, Qintel can also provide historical IP usage information to shed light on suspected location and proxy usage.
One customer had been engaged in a multi-year investigation of a cyber criminal actor, but was unable to attain attribution details. After being introduced to CrossLink, they were able to unmask the criminal in hours. This is a common refrain: CrossLink compresses investigations from months/years to mere hours, thereby saving incalculable amounts of time and resources.
A client acquiring a foreign company had Qintel perform due diligence on the acquisition target. Qintel discovered that the company being acquired had been previously breached and that it went undisclosed. The client used this information to better understand the risks of acquisition, push a disclosure, and perform an investigation of the company’s network.
Clients often drown in alerts from traditional threat intelligence platforms, but have no context as to which ones to take seriously and which to ignore. The CrossLink platform, informed by our active collections, contains curated information around cyber threat actors to quickly assess their abilities. Moreover, the platform allows clients to quickly move through data to build a picture of an adversary in minutes.
Qintel recently onboarded a younger client that is rapidly growing its various cyber security teams and has run into the inevitable problem of sharing data across the company in an organized fashion. After adopting CrossLink, the client now relies on the built-in and shareable “Investigative Folders” to easily distribute information across teams and organizational chains about security incidents, fraud, etc.
Security & Operations
When it comes to vulnerability patching, all clients need to make decisions about where to focus their limited resources to deploy patches. Qintel provides a Patch Management Portal and feed to clients to help inform this process. These data are curated from Qintel's unique technology visibility and data collections and ONLY focus on vulnerabilities being actively exploited; in other words, the ones clients should expend resources on.
Following the switch to remote work, one client used QSentry’s list of proxy IP addresses to protect access to its corporate VPN and discovered one employee accessing the system with an identified proxy. It was discovered that the access did not come from the employee and that their account had previously been taken over.
Consumers of the QWatch feed, which consists of compromised data harvested directly from the cyber underground, discovered at least 5 million user accounts that could be compromised on a yearly basis.
Using CrossLink Alerts to Discover Fraud
Using alerts in CrossLink, Qintel has had numerous customers identify stolen accounts being sold in the underground. In one instance, an actor posted a screenshot of an account worth over $700K that they were trying to sell. Qintel was able to send the screenshot to the client, which had enough detail to identify the account. Shortly after that, an attempt was made to move money from the account, which was prevented.
Many types of clients, same success
While adversaries come from across the globe, with diverse skill sets and motivations, their points of entry and attack methodology can often be collapsed into a few core vulnerabilities: exploiting credential-based access and vulnerabilities in software, social engineering targets, creating synthetic identities, and relying on anonymization networks to evade detection. Qintel’s clients can tap into a powerful collection of tools that expose these abuses and address their individual needs.
We came from Law Enforcement and know the challenges.
Qintel provides the data services that our government clients use to fight crime and protect critical infrastructure. We collect intelligence on cyber threats ranging from the actors engaged in fraud, network intrusions, spam, botnets and other economic crimes to actors and infrastructure used in sophisticated attacks. Our advanced collection methods combined with deep coverage of the cyber underground give our government and law enforcement clients the intelligence they need to positively identify the actors, their techniques, and the infrastructure. Furthermore, our coverage of dark web spaces can lead law enforcement to child predators, drug dealers, and other violent criminals.
At Qintel, we take pride in developing our solutions from the ground up. Our services and products help Law Enforcement outpace the cyber criminals and get the head start they need to protect the public.
We rely on the input of our employees and feedback from our customers to help drive our research and development resources. A significant number of Qintel staff are alumni of many US and foreign law enforcement organizations or Federally Funded Research and Development Centers (FFRDC). Because of this, we have unique insight into how to support your organization’s mission, investigations, cases, programs, and so on. We always think about what it is like to be in your shoes because we once were. We understand the challenges we faced on the inside and deliver products and solutions to help you and your organization address those challenges.
It would be an understatement to say that Qintel’s financial customers have the most to lose from fraud. One account takeover (ATO) paired with a successful funds transfer could lead to millions in losses for traditional financial institutions like banks and brokerage firms.
Mapping the pieces necessary to execute this fraud involves a number of components, including stolen credentials, proxies, and recipient accounts. Qintel has solutions for all of those pieces: preventing ATO with QWatch, allowing customers to pick up suspicious account activity with QSentry, and investigating incidents and surfacing chatter around imminent fraud with CrossLink.
Companies in the financial technology space have also been increasingly at risk not only of ATO activity, but also of being used as a vehicle to cash out stolen financial instruments. Qintel provides QAuth services to these companies to help authenticate and vet new users.
Online retailers have a unique risk position, especially those platforms that facilitate transactions between buyers and sellers. Buyers are obvious targets for account takeovers and fraudulent purchases, but seller accounts are often the most prized objective. Some use them to sell fake items, luring in unsuspecting buyers. Others use seller accounts to launder funds made from selling non-existent goods to fake buyers with stolen financial instruments or to unload counterfeit goods.
The tools necessary for this activity are similar to those used for financial fraud: stolen credentials, proxies, data to fake accounts as well as mail drops. Once again, Qintel has solutions to help combat these problems.
Due to chargebacks, it is perhaps more important for online retailers to know something about new users and try to limit whatever damage those with malicious intent can cause. Moreover, large eCommerce companies can detect millions of accounts using QWatch and detect a number of the precursors of ATO and fraud with QSentry, especially if focused on high value seller accounts.
Lastly, retailers can learn a lot about fraud trends from forum intelligence that is available through CrossLink.
Businesses within the tech industry are typically more nimble and heavily focus on the growth of their customer bases. Although all of these characteristics may ensure the success of a company within this sector, they also expose it to various types of risks that can threaten the organization. Compounding the issue is that businesses within the tech sector often become media darlings overnight, thus bringing them to the attention of malevolent actors who look to maximize their gains by attacking the most popular companies.
Customer growth can be muddled by fraudulent account registrations, thereby hurting corporate profits. Platform abuse can lead to a bevy of unexpected costs, loss of customers and diminished brand reputation. Account takeovers may prompt groups to weaponize an organization’s platform to effect a malicious agenda. And although some actors will target a technology company to profit, others will have more nefarious intentions and will look to either steal important trade secrets or disrupt the business in some other fashion.
All of these threats can be combated with the right data. The tech industry understands data better than anyone, and so does Qintel. Products such as CrossLink™, QWatch™, QSentry™ and PMI™ are all fueled with unique, invaluable and proprietary data that provide solutions to the risks incurred by the tech sector.