Our approach to Threat Intelligence Management:
Analysts need a way to automatically ingest, consolidate, normalize and de-duplicate threat intelligence data in one manageable location. While this external cyber threat data is commonly well-defined and understood, additional context from within the organization can vary wildly between industry verticals and companies. It’s vital that the threat intelligence management solution be able to consume and store these different data types as well as provide the capability to tailor data models to fit security teams’ needs.
The next step is to prioritize the vast amounts of threat data aggregated in this central repository. However, what is a priority to one company may not be relevant to another. What is needed is the ability for analysts to control how scoring, prioritization and expiration should be done – tell the system what is more important and less important once, and let the system automatically score and re-score when new data and context are learned. As more data comes in, the threat intelligence management system will automatically tune itself, creating a threat library that provides consistent information tailored specifically for the company.
The repository serves as a centralized memory to facilitate future investigations. Security teams can operate from a single source of truth, passively collaborating through the instantaneous sharing of knowledge and using their tools of choice to improve security posture and reduce the window of exposure and breach.
Integration with an ecosystem of data sources is streamlined and cost-effective using open APIs at no additional cost, and can be further tailored with an SDK. For broad visibility, the system must be designed to integrate with all systems that provide or leverage threat data within the organization.
- Contextualized, relevant intelligence in a database that is customized for the organization’s environment and risk profile.
- Focus, noise reduction and decision support during investigations and triage.
- Greater shared understanding of relationships across objects and object types to better support investigations and threat intelligence management.
- The freedom to spend more time performing analysis versus manual tasks.
- Orchestrated and synchronized threat intelligence management across all teams and tools so they can work in concert and increase effectiveness, efficiency and productivity.
Threat Intelligence Management Use Case is assigned to the following product groups:
- Products and Solutions for IT Security (247)
- APT protection (131)
- Banking (IT security solutions) (204)
- BSI IT baseline protection (products and services) (166)
- CIP - Critical Infrastructure Protection (security solutions) (270)
- Computer emergency response team (CERT) (61)
- Counter-intelligence (80)
- Early warning for IT (91)
- Health services (IT security solutions) (137)
- Industrial IT security (294)
- Managed security services (296)
- Risk analysis and management (179)
- Security management (175)
- Threat analyses (268)
- Vulnerability and patch management (130)
- IT security rooms and cabinets (14)
- Data center operation (68)
- Insurance IT security (35)