Defensys TIP 2.0: Higher precision and even more quality data

Defensys has introduced version 2.0 of its Threat Intelligence Platform (TIP). This release brings key changes to the mechanism for ranking indicators of compromise, to the integration with Defensys SOAR, and adds the ability to obtain quality threat intelligence data from new sources.

One of the major updates to the platform is an improved scoring model for indicators of compromise (IoCs). The new model calculates each score from statistical metrics. The calculation takes into account a number of parameters, such as the IoC’s interconnections and all related context, how complete the received data was, and how timely it was delivered in comparison with the other connected sources. The system also takes into account whether the indicator was found in the exception list. With this advanced TIP scoring model, monitoring center analysts can easily identify the most relevant and malicious IoCs and work with the threats that are relevant to them.

Defensys TIP 2.0 has an improved integration mechanism with Defensys SOAR. The system can now distribute data about detected indicators across the fields of the incident card in Defensys SOAR. You can also group indicators together for sending to Defensys SOAR when a mass detection occurs. With this functionality, you have even more options for customizing the response process.

TIP 2.0 users will be able to receive threat intelligence from a new source. We proudly introduce the Defensys Threat Intelligence feed, a standalone service that automatically collects and processes TI reports from public sources, extracts indicators of compromise and related context from them, and transmits all the data to the system. When the Defensys Threat Intelligence feed service is connected to the platform, the user has access to TI reports in human-readable format. The analyst sees everything important associated with a report, such as indicators of compromise, attackers, malware, and other context. The report data can be analyzed and used to search for IoCs in the organization’s infrastructure or to integrate with other security tools. The Defensys Threat Intelligence feed helps you get high-quality, comprehensive threat intelligence without wasting SOC analysts’ time on processing PDF reports manually and then entering and linking the data in the system you are using.

“We have outgoing talks with our users and year after year we see that the needs of Threat Intelligence are becoming more and more mature. Expectations from TI platforms are growing. Users expect not just a data aggregator, but also mechanisms that will ensure data quality, automation of operations to search for IoCs, and integration with the internal cybersecurity ecosystem,” said Anton Solovey, product manager of Defensys Threat Intelligence Platform.