IntSights announced enhancements to its External Threat Protection Suite, giving customers a brand new experience and new functionality in its Threat Intelligence Platform (TIP) module that streamline research and investigation workflows, reducing timelines from days to hours.
The result is faster research for threat hunters and SOC analysts while they are working both within and outside of the IntSights platform.
IntSights’ External Threat Protection (ETP) Suite provides enterprise-grade external threat intelligence and IOC management capabilities enabling security teams to defend against a rapidly evolving threat landscape while significantly reducing their workload.
By centralizing the collection, management, and integration of dozens of threat intelligence sources in the same platform, IntSights’ built-in TIP capabilities let security teams streamline investigation and proactively block threats.
Cyber Threat Intelligence (CTI) and SOC teams are tasked with investigating Indicators of Compromise (IOCs) as rapidly and accurately as possible. These teams require up-front access to information such as when the IOC was discovered, reporting sources, and its relevance to their organization.
“As we have seen from recent headlines, companies of all types and sizes and across every industry are facing major cybersecurity challenges and have to meet the needs of their organization with comparatively limited resources,” said Guy Nizan, CEO and founder at IntSights. “The enhancements allow these teams to significantly streamline threat investigations and proactively block threats from within their connected security devices.”
What’s new?
Expanded investigation capabilities: Building on its existing IOC graph/link analysis database, IntSights has extended its threat intelligence platform with expanded mapping capabilities for threat context. Customers can deep-dive into each indicator for further details, add investigation notes, and export the full map and details.
Expanded threat library & MITRE ATT&CK framework mapping: IntSights has also updated its existing threat library and content with a new user interface that includes more advanced search capabilities through regular expressions (RegEx), like those used in search engines, to speed up investigations, as well as details on MITRE ATT&CK framework Technique IDs (TIDs), a list of common tactics, techniques, and procedures (TTPs), mapped to relevant threat library topics.
IntelliFind - dark web search: A free-form search engine utility enables customers to search outside of their digital footprint on the clear web, into dark web sources. With this tool, security practitioners can extract information from IntSights dark web repositories (e.g., track threat actors, review postings on hacking forums or black markets, explore malware-related chatter, etc.) and immediately discover how the results pertain to organization-specific assets and mentions across the entire intelligence surface.
IntSights Extend™ - browser extension (TIP/VRA): IntSights customers can speed external research and investigation efforts from any web resource, including SIEM environments, by using the Extend browser extension for Google Chrome and Firefox. This allows them to quickly view relevant IOCs and CVEs with mouse-over context while performing research outside of the IntSights platform.
Splunk app integrations (TC, TIP, VRA): IntSights has released an enhanced native bidirectional app for Splunk, which enables IntSights customers to bring actionable threat intelligence into their Splunk environment for a holistic view of threats targeting their environment.