Defensys has updated the Defensys Threat Intelligence Platform (TIP) to version 2.5. The key changes affect the logic for enriching indicators of compromise (IoCs), the bulletin tool and vulnerability cards, and the system interface, which has been substantially reworked.
In the new version of Defensys TIP, the logic for enriching IoCs with additional context has been improved. Users can now configure the maximum number of days for which enrichment data is stored. After that period the system automatically re-requests the enrichment data, which helps users process indicator-related information more accurately.
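The retention behaviour described above (cache enrichment context, expire it after a configurable number of days, re-request on the next lookup) can be illustrated with a small cache. The following is an added example written for this page, not Defensys code, and it makes no claim about how the platform implements this internally. The `EnrichmentCache`, `EnrichmentRecord` and `FakeProvider` names, the `max_age_days` setting and the sample indicator are all constructed for the illustration; the provider is simulated so the example runs offline.

```python
"""Illustrative IoC enrichment cache with a configurable maximum age.
Constructed example for this page; it is not Defensys code and makes no
claims about the platform's internals. Provider lookups are simulated.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional


@dataclass
class EnrichmentRecord:
    indicator: str
    context: dict            # whatever the provider returned (geo, ASN, reputation, ...)
    fetched_at: datetime     # when the enrichment was obtained
    stale: bool = False      # True if the last refresh failed and old data is being kept


@dataclass
class EnrichmentCache:
    provider: Callable[[str], dict]   # assumed enrichment source (stubbed below)
    max_age_days: int = 7             # assumed configurable retention period
    records: Dict[str, EnrichmentRecord] = field(default_factory=dict)

    def is_expired(self, rec: EnrichmentRecord, now: datetime) -> bool:
        return now - rec.fetched_at >= timedelta(days=self.max_age_days)

    def get(self, indicator: str, now: Optional[datetime] = None) -> EnrichmentRecord:
        """Return cached context while it is younger than max_age_days,
        otherwise re-request it from the provider."""
        now = now or datetime.now(timezone.utc)
        rec = self.records.get(indicator)
        if rec is not None and not self.is_expired(rec, now):
            return rec                      # fresh: no provider call
        try:
            context = self.provider(indicator)
        except Exception:
            if rec is None:
                raise                       # nothing cached to fall back on
            rec.stale = True                # keep the old context but flag it as stale
            return rec
        rec = EnrichmentRecord(indicator, context, now)
        self.records[indicator] = rec
        return rec


class FakeProvider:
    """Constructed stand-in for an enrichment API: counts calls and can be made to fail."""

    def __init__(self) -> None:
        self.calls = 0
        self.fail = False

    def __call__(self, indicator: str) -> dict:
        self.calls += 1
        if self.fail:
            raise ConnectionError("simulated provider outage")
        return {"indicator": indicator, "reputation": "malicious", "version": self.calls}


def demo():
    """Walk one constructed indicator through fresh, expired and failed-refresh states."""
    provider = FakeProvider()
    cache = EnrichmentCache(provider=provider, max_age_days=3)
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    first = cache.get("198.51.100.7", now=t0)                          # constructed TEST-NET address
    second = cache.get("198.51.100.7", now=t0 + timedelta(days=2))     # still fresh, served from cache
    third = cache.get("198.51.100.7", now=t0 + timedelta(days=3))      # expired, re-requested
    provider.fail = True
    fourth = cache.get("198.51.100.7", now=t0 + timedelta(days=7))     # expired, refresh fails
    return (provider.calls,
            first.context["version"], second.context["version"],
            third.context["version"], fourth.stale)


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is what happens when the re-request fails: this example keeps the last known context and marks the record stale rather than dropping it, so an analyst still sees the old enrichment but can tell it was not refreshed. Whether a platform should serve stale context, serve nothing, or retry is a policy decision; the page does not say which Defensys TIP chooses.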
A significant part of the improvements in the new version of Defensys TIP concerns the bulletin tool. Threat and vulnerability bulletins are used to inform employees, the community, customers or colleagues about new security threats and about current vulnerabilities in software and hardware relevant to a particular infrastructure or organization. The platform can now create bulletins covering multiple vulnerabilities, and the vulnerabilities section has become more convenient to work with: for each vulnerability, the presence of a bulletin and its identifier are displayed.
In Defensys TIP 2.5, when viewing a vulnerability card, and when creating or editing a vulnerability bulletin, the entire structure of Common Weakness Enumeration (CWE) weaknesses is shown, including the attached elements. This lets the user better understand the relationship between the vulnerability and the CWE, and therefore send more detailed bulletins to the relevant organizations.
When creating a vulnerability bulletin, the list of vulnerable software is displayed in the format “software name: software versions 1.x – 1.n”. This makes it much easier to find the required software in the list and makes the bulletins more informative.
Developers have also changed the Defensys Threat Intelligence Feed (Defensys TI Feed), Defensys’s own feed that collects information about indicators of compromise and other entities from open sources. The names of threat actors and of malware instances in Defensys TI Feed are now automatically normalized to a unified form, which avoids duplicate entities.
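Name normalization of the kind mentioned above is what keeps “APT 28”, “apt-28” and “Apt_28” from becoming three separate entities in a feed. The block below is an added example for this page, not Defensys TI Feed code, and the exact rules Defensys applies are not stated on the page. The `normalize_name` and `dedupe_entities` functions, the `ALIASES` table and the sample feed entries are all constructed; a real feed would maintain a curated alias list rather than the two-entry one used here.

```python
"""Illustrative normalization and de-duplication of threat-actor / malware names.
Constructed example for this page; not Defensys code."""
import re
import unicodedata
from collections import OrderedDict
from typing import Dict, Iterable, Tuple

# Constructed alias table mapping already-normalized alternative names to a
# canonical key. Real feeds curate this list; it is illustrative only.
ALIASES = {
    "fancybear": "apt28",
    "sofacy": "apt28",
}


def normalize_name(name: str) -> str:
    """Reduce a name to a canonical key: Unicode-normalize, casefold,
    drop separators and punctuation, then resolve known aliases."""
    s = unicodedata.normalize("NFKC", name).casefold()
    s = re.sub(r"[\s\-_./]+", "", s)   # "APT 28", "apt-28", "Apt_28" -> "apt28"
    s = re.sub(r"[^\w]", "", s)        # drop any remaining punctuation
    return ALIASES.get(s, s)


def dedupe_entities(entries: Iterable[Tuple[str, str]]) -> Dict[str, dict]:
    """entries: (raw_name, source) pairs as they arrive from feeds.
    Returns one record per canonical key, keeping the first-seen display
    name plus every raw spelling and source that mapped to it."""
    out: "OrderedDict[str, dict]" = OrderedDict()
    for raw, source in entries:
        key = normalize_name(raw)
        rec = out.setdefault(key, {"display": raw.strip(), "spellings": set(), "sources": set()})
        rec["spellings"].add(raw.strip())
        rec["sources"].add(source)
    return out


# Constructed sample entries: three families spelled seven different ways.
SAMPLE_ENTRIES = [
    ("APT 28", "feedA"),
    ("apt-28", "feedB"),
    ("Fancy Bear", "feedC"),
    ("Emotet", "feedA"),
    ("EMOTET ", "feedB"),
    ("Trick Bot", "feedA"),
    ("TrickBot", "feedC"),
]


def demo() -> Dict[str, dict]:
    return dedupe_entities(SAMPLE_ENTRIES)


if __name__ == "__main__":
    for key, rec in demo().items():
        print(key, rec["display"], sorted(rec["spellings"]), sorted(rec["sources"]))
```

The caveat a practitioner would raise is that stripping separators is aggressive: two genuinely different names that differ only in punctuation or spacing would be merged. Keeping the full set of raw spellings per record, as above, makes such collisions visible so the alias table can be corrected rather than silently losing an entity.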
In addition, the system interface has been significantly improved; it has been completely redesigned. The updated version uses unified interaction templates, which make the platform even more convenient to use.
“Our main task is the constant development of the platform’s functionality. So, in the near future we are planning a number of functional improvements that will accelerate the process of implementing the Defensys TIP platform, as well as simplify the process of transferring incidents to the Defensys SOAR system. Moreover, we continue to expand the list of TI data providers available to our users, which allows SOC analysts to receive the most complete and high-quality information about threats, and also constantly develop the integration capabilities of the platform with up-to-date security tools,” said Andrey Chechetkin, Deputy CEO of Defensys.