Level the Playing Field With Cyber Threat Intelligence
May 20th, 2021
Your company puts all kinds of money and resources into protecting itself from cybercrime, yet it never feels as though you’re effectively keeping up. Businesses often experience cybersecurity overwhelm in the wake of resource constraints, information overload, and a siloed view of the threat landscape.
Each day, security teams must weed through hundreds of thousands of IOCs (indicators of compromise) and potential threats to their organizations, and quickly determine which require further investigation or escalation. Having the proper context around these IOCs is mission-critical.
In this post, we will discuss the brand new experience and functionality IntSights has introduced within our Threat Intelligence Platform (TIP). These updates deliver enhanced IOC context and more to significantly streamline threat hunter and security analyst research and investigation workflows, whether they are working within or outside of the IntSights platform.
Threat Intelligence Paves the Way
The IntSights TIP helps Cyber Threat Intelligence (CTI) and Security Operations Center (SOC) teams automate their entire threat intelligence lifecycle — from data collection, processing, analysis, and enrichment, all the way to collaboration and dissemination. By centralizing the collection, management, and integration of dozens of threat intelligence sources in the operational environment, teams can streamline investigation and proactively block threats within their connected security devices.
IntSights has released a new, streamlined user experience in the platform, with all the relevant threat information a security analyst requires to investigate IOCs and attack attempts presented up front for quick visibility, including when the indicator was discovered and which sources reported it.
The new TIP experience and functionality benefit your team in three important ways:
Shortens the analysis and investigation process from days to hours. Newly expanded mapping capabilities on threat context enable you to deep dive into each indicator for further details, add investigation notes, and export the full map and details. This expanded threat context allows you to more easily understand the intent surrounding an indicator and prioritize those that pose the greatest risk. You can also easily share information and notes on specific indicators with team members for better coordination and more proactive security posturing.
Investigation and mapping an attack in the IntSights TIP platform.
IntSights’ recently released Extend browser extension also shortens research and investigation times by bringing IntSights threat context on CVEs and IOCs to the web, wherever you happen to be doing research, including in your SIEM environment. In addition, IntSights has just released an updated bidirectional app for Splunk. IntSights customers can bring actionable threat intelligence into their Splunk environment for a holistic view of threats targeting their digital assets. The app also enables data from Splunk to flow to the IntSights platform for instant analysis and prioritization of credible threats, in either environment.
Simplifies threat research for rapid response. The Threat Library utilized by TIP is backed by a dedicated team of research analysts working behind the scenes to expand content and input up-to-the-minute intelligence on all the latest threat actors, malware, and campaigns, as well as trends and associated IOCs/TTPs, etc.
An all-new user interface brings more advanced search capabilities through regular expressions (RegEx), as used in search engines, to speed investigation and return results faster. Within relevant library topics, you can also now find details on MITRE ATT&CK framework Technique IDs (TIDs), a catalog of common tactics, techniques, and procedures (TTPs) used by threat actors in real-world attacks and used by security professionals to develop specific threat protection models. Another new addition to the Threat Library topic cards is the list of vulnerabilities (CVEs) exploited in specific attacks, which helps security teams prioritize any updates or patching that require immediate attention.
Enhanced cyber terms with MITRE ATT&CK framework, now in the IntSights Threat Library.
Having all relevant information on a threat in one simplified view speeds threat hunting and research timelines. In addition, security analysts can now take immediate action on particular threats by adding IOCs associated with specific topics to their security devices, without ever leaving the library. With this new feature, security analysts can research and instantly block any IOCs affecting their organization in one place.
Enables direct searches of the dark web. Security teams are constantly trying to obtain dark web intelligence so they can be proactive in informing employees and executives of potential threat vectors affecting the company. Unfortunately, they often can’t access these forums without masking their IPs and spending time and money cultivating relationships to secure invites. The IntSights IntelliFind tool changes that.
With IntelliFind, you now have immediate access to the dark web forums that IntSights threat analysts have carefully cultivated over time, giving you visibility into the largest, most extensive database of these sites. Directly search for chatter and potential attacks affecting your organization or industry within the black market, hacking forums, paste sites, and numerous other dark web sources. Track threat actors, review postings on hacking forums or black markets, explore malware-related chatter, etc., and immediately discover how they pertain to organization-specific assets and mentions across the entire intelligence surface.
Existing TIP customers can access the new experience (the expanded Investigation module, the Threat Library, and the IntelliFind dark web search feature) at no additional cost. Contact us today to learn more about these exciting new capabilities, as well as our new Extend™ Browser Extension and Splunk app integration add-ons.
Yaron Paryanty is the Senior Vice President of Product at IntSights. He brings over 20 years of cybersecurity experience from a variety of engineering and product roles in the IT and I/OT industries. Prior to joining IntSights, Yaron served as the Vice President of Product at Claroty and, before that, as Sr. Director of Product at CyberArk. Yaron brings unique experience in building vision and strategy, user experience, technology, and leadership. In addition, Yaron holds a BSc in Computer Science from Bar-Ilan University in Israel.