Defensys has released a new version of its cyberthreat information analysis platform, Defensys TIP 3.16. The new release includes a range of important updates. For example, the number of supported SIEM systems and firewalls has been extended. Defensys has also upgraded its own data source, the Defensys Threat Feed, which can now independently identify links between entities as well as the countries and industries of threat actors.
One of the Defensys Threat Intelligence Platform functions is reactive and retrospective search for indicators of compromise (IoCs) within the event flow coming from SIEM systems. The Defensys TIP platform can be integrated with well-known SIEM and log management solutions, such as:
- IBM QRadar
- ArcSight ESM
- Splunk
- ArcSight Logger
- Apache Kafka
Additionally, Defensys has expanded the list of supported third-party data security tools for IoC export. Detected IoCs can be automatically exported to firewalls for further processing and protection of the network infrastructure.
The Defensys TIP team continues to develop its own feed, which is integrated into the platform. It automatically collects TI reports from trusted public sources and extracts key Threat Intelligence artefacts. The updated version of the Defensys Threat Feed uses an 11 times larger dataset to train the TI artefact recognition model. Moreover, the accuracy of entity recognition has significantly increased: the model is now able to identify direct links between entities, as well as the countries and industries of threat actors and victims.
The information received from data providers frequently lacks the context needed to analyze IoCs and the security breach events linked to them. As part of a systematic expansion of context sources, the new version of Defensys TIP supports two new enrichment services, urlscan and URLhaus.
“Cyber intelligence data is a key element for threat analysis, so we constantly add new TI data providers to Defensys TIP,” commented Andrey Chechetkin, Deputy CEO at Defensys. “Besides, the Defensys TIP team will also continue to expand the list of supported data security tools, which is particularly important for cyber security.”