Defensys Threat Intelligence Platform (TIP) v. 3.0: MITRE ATT&CK integration and customized calculation of indicators of compromise (IoC) rating

Defensys has introduced a new major version of its cyberthreat information analysis platform, Defensys TIP 3.0. The updated platform has a number of significant functional improvements. In particular, users can now apply more qualitative data for threat analysis thanks to a new source, the MITRE ATT&CK knowledge base. Customization of the IoC rating is also now available.

In Defensys TIP v. 3.0, the developer expanded the volume of cyber intelligence data by integrating the platform with a new source, the MITRE ATT&CK knowledge base. You can get information about malware, threat actors and their techniques directly from the platform interface in the Threats section. Entity cards contain all the information from the knowledge base: entity descriptions, related tactics, synonyms of groupings, sub-techniques, links to web resources that present cases where hackers use certain techniques, as well as recommendations for detecting them.

In addition, the relationships graph displays how all entities from the new source relate to the IoCs and to each other. This is an additional analysis tool that allows you to track which techniques are used by different groups of hackers and what kind of malware is applied. The received information is also clearly represented in the indicator card, which lets TI analysts quickly assess the attack stage, develop incident response tactics and prioritize the measures to be taken.

In version 3.0, Defensys made some important enhancements to the Threat Ranking section, adding a custom preset configuration for calculating the IoC rating. This enables users to independently set the necessary values of metrics such as extensiveness, data completeness and the promptness of their submission by the source. Thus, it is now possible to influence the calculation of the final indicator rating more precisely than in previous versions of Defensys TIP.

“In the Threat Intelligence data analysis process, the IoC context is of great importance. Using data from the MITRE ATT&CK matrix directly in the Defensys TIP interface, cyber threat analysts are able to quickly assess and classify the tactics and techniques that criminals use. Working with this context provides a more complete picture of threats, helps to identify weaknesses in information systems, take the necessary protective measures, and improve the incident response process,” says Andrey Chechetkin, Deputy CEO at Defensys.