Out-of-the-box support for multiple data formats including STIX & TAXII and direct integrations into SIEM, firewall and active blocking tools enable automated prevention, blocking and remediation of the most common cyber attacks
The cyber security team at John Snow Labs has developed an integrated solution for comprehensive cyber security intelligence and threat management. The solution consumes live data from over 80 public, private and government sources and applies proprietary analytics and domain expertise to clean, corroborate, rank, de-dup and enrich the input threat signals.
A recent case study showed that this threat intelligence database identified 4.5 times the number of actual compromised IP addresses, in a production setting, compared to a combination of three other commercial threat intelligence feeds. The new solution goes a step further and makes it far easier and faster to use these high-quality datasets to block, prevent and remediate cyber security threats.
This is done by providing the data in additional industry standard formats, directly integrating it into common cyber security tools, and providing an API to enable real-time corroboration of suspected threats. Threat Intelligence as a Service is available starting today as an annual subscription which includes data access using any of these access methods. The service can also combine the threat intelligence data with other machine data collected throughout the enterprise, to provide a broader real-time-actionable cyber threat profile.
Benefits of John Snow Labs’ Threat Intelligence as a Service include automating these key activities:
- Synchronize threat data from John Snow Labs’ Threat Intelligence Delivery Framework into your choice of formats & tools, for immediate recognition of internal resources communicating with identified bad actors
- Corroborate network activity to or from threat indicators with other behavioral changes to hosts and users for more accurate prioritization of high-risk events
- Share and receive relevant threat data within the existing security infrastructure to optimize workflows and enable real-time countermeasures
- Remediate attacks recognized from prioritized Indicators of Compromise, by blocking communication with compromised domains to prevent data theft, block malware and terminate APT communication
By leveraging John Snow Labs’ Threat Intelligence Delivery Framework, customers benefit from increased threat intelligence and better risk management. The combined solution delivers the ability to rapidly detect and validate cyber-attacks and to streamline the incident response to them.
Bridging the gap between your threat intelligence data and your security infrastructure
SOC operators, CSIRT teams, and security analysts and researchers are in a race against time. The good news is that an overwhelming amount of Threat Intelligence is available today. The bad news is that it takes a long time to consume this intelligence and make it operational across an enterprise’s security infrastructure.
For organizations that are part of an Information Sharing and Analysis Center or Organization – an ISAC or an ISAO – much of the threat intelligence consumed is usually based on the STIX/TAXII standards for describing and exchanging cyber threat information. The Financial Services ISAC (FS-ISAC) and many others rely on a STIX/TAXII repository to facilitate threat information sharing across their trusted communities. Applying this threat intelligence – integrating it with all internally used security products essential to protecting an organization – is a slow, manual and error-prone process.
John Snow Labs has created a Threat Intelligence Delivery Framework that provides out-of-the-box connections from STIX- and TAXII-compliant sources to security products and solutions that can operationally leverage this threat intelligence. This framework and its integrations are included in the Threat Intelligence as a Service subscription.
Key features include:
- Optimized to work with ISAC communities and raw IOC aggregators
- Translate raw STIX & TAXII data into formats that HP ArcSight ESM, Splunk & other tools natively read
- Easy-to-use interface to view threat information received through STIX & TAXII feeds
- Ability to run a keyword search to look for a specific indicator, search for an indicator type over a time range of your choice, and drill-down on specific indicator matches
This new turnkey service is available on its own, or as part of Managed Security Services from John Snow Labs, which provide a complete solution for fully managed cyber security, data privacy and compliance, based on John Snow Labs’ combination of advanced analytics, domain expertise and field experience. All services include 24×7 support by domain experts, and access to all updates, including new data sources and algorithmic advances delivered during an active subscription.
Contact firstname.lastname@example.org or call (302) 786-5227 to start using John Snow Labs’ Threat Intelligence as a Service, under a free trial period.