Threat intelligence, or cyber threat intelligence, is information an organization uses to understand the threats that have targeted it or are currently targeting it. This intelligence is used to prepare for, prevent and identify cyber threats looking to take advantage of valuable resources.
Threat intelligence can help organizations gain valuable knowledge about these threats, build effective defense mechanisms and mitigate the risks that could damage their reputation. After all, targeted threats require targeted defense, and ISMAC cyber threat intelligence delivers the capability to defend more proactively.
Threat Detection Rules
ISMAC comes with 300+ built-in, pre-canned threat detection rules to get you up and running. Typical queries include those for anomalies, aggregations and pattern matching, along with threat intel/MITRE correlation, Indicators of Compromise (IOCs), network intrusion detection system (NIDS) matching, asset vulnerabilities, etc.
Threat detection rules can be configured to automatically create tickets in the Incident Response module and to notify stakeholders via most common webhooks or direct email.
Automated vulnerability assessment helps you find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal confidential data.
ISMAC agents pull software inventory data and send this information to the server, where it is continuously correlated with updated CVE (Common Vulnerabilities and Exposures) databases in order to identify well-known vulnerable software.
Cortex Threat Analytics
Cortex solves two common problems frequently encountered by Security Operations Centres (SOCs), Cyber Security Incident Response Teams (CSIRTs) and security researchers in the course of threat intelligence, digital forensics and incident response:
- How to analyze observables they have collected, at scale, by querying a single tool instead of several?
- How to actively respond to threats and interact with the constituency and other teams?
Cortex can analyze and triage observables at scale using more than 100 analyzers. You can actively respond to threats and interact with your constituency and other parties thanks to Cortex responders.
Malware Information Sharing Platform
The Malware Information Sharing Platform (MISP) is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. MISP is used today in multiple organizations not only to store, share and collaborate on cyber security indicators and malware analysis, but also to use the IoCs and information to detect and prevent attacks, fraud or threats against ICT infrastructures, organizations or people.