Defensys Threat Intelligence Platform

Automated collection, processing and monitoring of IOCs

Defensys Threat Intelligence Platform supports comprehensive management and use of threat intelligence: centralized collection and prioritization of indicators of compromise (IOCs), enrichment with additional context, and direct output of ready-to-use data to security controls and systems.

Benefits

Facilitates TI management through centralized collection, normalization, prioritization and storage of threat intelligence data from multiple sources.

Accelerates incident investigation through additional queries, instant search across all available TI feeds and automated workflows.

Helps to reveal hidden threats via automated monitoring of SIEM using sensors.

Allows immediate threat blocking and minimizes possible damage through direct output of data to internal security systems.

Key Features

Collection & Processing

Defensys Threat Intelligence Platform collects threat data from multiple sources and processes and prioritizes it automatically. The software normalizes and de-duplicates data across feeds and serves as a central repository for all threat data, eliminating manual and repetitive work.

Defensys TIP automatically aggregates threat intelligence data from multiple sources. The system has built-in integration with threat intelligence data exchange websites and services, such as:

  • Own Defensys Feed
  • IBM X-Force Exchange
  • AT&T Alien Labs Open Threat Exchange (OTX)
  • Group-IB Threat Intelligence
  • Kaspersky Threat Intelligence
  • ESET Threat Intelligence
  • RST Cloud Threat Feed
  • Defensys collection of useful open source feeds
  • And other sources
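The normalization and de-duplication step described above, shown as an added example (this is illustrative code, not Defensys code, and the feed formats, field names and indicator values are constructed for the example): two feeds in different formats are parsed, indicators are refanged and canonicalized so that "Evil-Example[.]com" and "evil-example.com" collapse into one record, and the merged repository is ranked by how many feeds report each indicator and by the highest confidence seen.

```python
"""Normalize, de-duplicate and prioritize IOCs from several feeds (illustrative)."""
import csv
import io
import ipaddress
import json
import re

# Constructed sample feeds (not real threat data). Feed A is JSON, feed B is CSV;
# they overlap and use different casing and "defanged" notation.
FEED_A_JSON = json.dumps([
    {"type": "domain", "value": "Evil-Example[.]com", "confidence": 80},
    {"type": "ip", "value": "198.51.100.23", "confidence": 60},
    {"type": "hash", "value": "D41D8CD98F00B204E9800998ECF8427E", "confidence": 90},
])
FEED_B_CSV = (
    "indicator,kind,score\n"
    "evil-example.com,domain,70\n"
    "hxxp://evil-example.com/payload.bin,url,50\n"
    "198.51.100.23,ip,40\n"
    "203.0.113.9,ip,30\n"
)

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # md5/sha1/sha256


def refang(value):
    """Undo common defanging: [.] and (.) -> . , hxxp -> http."""
    return value.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def normalize(kind, value):
    """Return (kind, canonical value), or None if the indicator is malformed."""
    v = refang(value.strip())
    if kind == "domain":
        v = v.lower().rstrip(".")
        return ("domain", v) if "." in v else None
    if kind == "ip":
        try:
            return ("ip", str(ipaddress.ip_address(v)))
        except ValueError:
            return None
    if kind == "hash":
        v = v.lower()
        return ("hash", v) if HASH_RE.match(v) else None
    if kind == "url":
        scheme, sep, rest = v.partition("://")
        if not sep:
            return None
        host, slash, path = rest.partition("/")  # lowercase scheme and host only
        return ("url", f"{scheme.lower()}://{host.lower()}{slash}{path}")
    return None


def parse_feed_a(raw):
    """Yield (source, kind, value, confidence) from the JSON feed."""
    for item in json.loads(raw):
        yield "feed_a", item["type"], item["value"], int(item["confidence"])


def parse_feed_b(raw):
    """Yield (source, kind, value, confidence) from the CSV feed."""
    for row in csv.DictReader(io.StringIO(raw)):
        yield "feed_b", row["kind"], row["indicator"], int(row["score"])


def build_repository(feeds):
    """Merge parsed feeds into one de-duplicated indicator table keyed by (kind, value)."""
    repo = {}
    for records in feeds:
        for source, kind, value, confidence in records:
            key = normalize(kind, value)
            if key is None:
                continue  # drop malformed indicators instead of storing junk
            entry = repo.setdefault(key, {"sources": set(), "confidence": 0})
            entry["sources"].add(source)
            entry["confidence"] = max(entry["confidence"], confidence)
    return repo


def prioritize(repo):
    """Rank indicators: reported by more feeds first, then by highest confidence."""
    return sorted(
        repo.items(),
        key=lambda kv: (len(kv[1]["sources"]), kv[1]["confidence"]),
        reverse=True,
    )


if __name__ == "__main__":
    repository = build_repository([parse_feed_a(FEED_A_JSON), parse_feed_b(FEED_B_CSV)])
    for (kind, value), info in prioritize(repository):
        print(f"{kind:6} {value:40} feeds={len(info['sources'])} conf={info['confidence']}")
```

With the constructed feeds the repository holds five distinct indicators from eight feed records; the domain and the first IP are reported by both feeds and rank first. Prioritizing by source count before confidence is one reasonable policy; a real platform would also weigh feed reputation and indicator age.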

Context & Enrichment

Defensys TIP enriches data with additional context and runs additional checks and queries against external services. More complete, detailed and accurate intelligence improves situational awareness and helps the analyst make better incident response decisions and take timely action.

Enrichment services supported:

  • VirusTotal
  • Hybrid Analysis
  • OPSWAT Metadefender
  • Shodan
  • RiskIQ
  • MaxMind
  • Sypex
  • Ipgeolocation.io
  • Whois

Correlation & Analysis

Defensys TIP collects and correlates additional information associated with an IOC, including:

  • Reports on tactics, techniques and procedures (TTPs) of threat actors
  • Malware
  • Vulnerabilities used
  • Other associated IOCs

Analysis of these relationships supports correct interpretation of the data, allowing the analyst to understand the adversary and see the whole picture of the threat.

Delivery & Response

Ready-to-use data is automatically delivered to internal security controls and systems, ensuring immediate response and reducing false positives.

Monitoring & Detection

Defensys TIP ensures real-time monitoring and detection of relevant IOCs in the infrastructure and immediately notifies the security analyst when one is detected. The platform also supports retrospective search of data in the SIEM events using sensors.

Automation

Defensys Threat Intelligence Platform automates all repetitive operations with IOCs, including collection, enrichment, detection, data output and notifications, eliminating routine manual tasks. This makes it possible to fully automate the whole lifecycle of an IOC, from collection to blocking by security tools, using adjustable processing rules.