
How You Can Make Your Threat Intelligence… Intelligent

Symantec’s Threat Intelligence API

When asked about Threat Intelligence feeds I often give the same answer that Groucho Marx gave when asked about Military Intelligence.  “Isn’t that a contradiction of terms?”  The point is: feeds are not very smart. By the time the data for these feeds have been collected, sorted, collated, bundled and distributed they are more of a historical record.  Useful for sure.  But there must be a more intelligent way to do it.

There is: Symantec’s Threat Intelligence API.  We start out recognizing that the best intelligence is real time.  When a threat hunter needs information on a file, hash, domain or IP address that person really wants to know up-to-the-minute information on it.  Symantec, as a division of Broadcom, can do that.

And it’s not just the freshness of the data that makes our intelligence special. It’s built so threat hunters can spend less time hunting because of our built-in global context that makes it simple to find additional evidence.  We also match observed indicators of compromise (IOCs) to data in the feed to show associations with other indicators.  As a result, the threat hunter knows the value of the data without hours of research.

Of course, getting written analysis from experts is important, too.  So threat intel comes with written tactical intelligence specifically related to your organization, industry or geography.  It’s produced daily, weekly and monthly.  More importantly, it’s produced just in time, so you have statistical, historical and predictive trends on attack type groups, threat landscape updates, or trends affecting a particular industry or geography -- automatically.

Don’t worry about needing another threat intelligence platform.  Remember, it’s an API, and it’s integrated into many intelligence platforms already.  Or you can integrate it into your existing custom workflow.

Here’s another reason you might consider a data feed dumb.  You have to pay for it.  SES Complete customers don’t.  It’s just one more great feature of SES Complete, providing you with one more unique tool for keeping your environment safe from attackers.

About the Author

Kevin Haley

Director, Symantec Security Response

Kevin Haley is responsible for ensuring the security content from Symantec’s Global Intelligence Network is actionable for its customers, including a focus on education in security issues and incorporating the security content into Symantec’s enterprise products.
