When asked about Threat Intelligence feeds I often give the same answer that Groucho Marx gave when asked about Military Intelligence. “Isn’t that a contradiction of terms?” The point is: feeds are not very smart. By the time the data for these feeds have been collected, sorted, collated, bundled and distributed they are more of a historical record. Useful for sure. But there must be a more intelligent way to do it.
There is: Symantec’s Threat Intelligence API. We start out recognizing that the best intelligence is real time. When a threat hunter needs information on a file, hash, domain or IP address, that person really wants up-to-the-minute information on it. Symantec, as a division of Broadcom, can do that.
And it’s not just the freshness of the data that makes our intelligence special. It’s built so threat hunters can spend less time hunting because of our built-in global context that makes it simple to find additional evidence. We also match observed indicators of compromise (IOCs) to data in the feed to show associations with other indicators. As a result, the threat hunter knows the value of the data without hours of research.
Of course, getting written analysis from experts is important, too. So threat intel comes with written tactical intelligence specifically related to your organization, industry or geography. It’s produced daily, weekly and monthly. More importantly, it’s produced just in time so you have statistical, historical and predictive trends on attack type groups, threat landscape updates, or trends affecting a particular industry or geography -- automatically.
Don’t worry about needing another threat intelligence platform. Remember, it’s an API; it’s integrated into many intelligence platforms already. Or you can integrate it into your existing custom workflow.
Here’s another reason you might consider a data feed dumb. You have to pay for it. SES Complete customers don’t. It’s just one more great feature of SES Complete, providing you with one more unique tool for keeping your environment safe from attackers.
How Threat Intelligence Boosts Prevention and Detection: A Case Study
Join us in this webinar with SANS Analyst Jake Williams and Symantec Endpoint Product Management Director Adam Licata for a case study illustrating the difficult processes many SOC analysts face in performing threat analysis when they are lacking the right data and threat intelligence to dig deeper.