The key to advanced threat protection is contextual information.
Threat intelligence, one aspect of a holistic cybersecurity strategy, helps you comprehend risks related to the most common and severe external threats, such as zero-day threats, advanced persistent threats and exploits. It enables you to collect and analyze data on the latest threats from a variety of sources. Threat intelligence information from security vendors, intelligence groups or connections to your own network helps you fend off attacks by initiating security activities to stop malicious behavior.
These real-time feeds combine intelligence and previous learnings from other organizations into a single source. However, identifying a threat within volumes of collected information can be like finding a needle in a haystack. You may find yourself asking:
- Which data is important?
- How can I differentiate normal and malicious activity that might signal an attack?
While ongoing analysis of enterprise log data alone is valuable, advanced threat protection is made possible by comparing your internal data with indicators of compromise. It’s the integration of threat intelligence feeds with your enterprise log data and a SIEM solution that enables you to quickly identify emerging attacks and act.
Log event integration
Threat intelligence feeds are compared to all log events that contain an IP address: firewall data, proxies, netflow, Windows events and more.
Robust alert functionality
Common alert rules, event dashboards and data mapping are available out of the box, and additional custom alert tools enable you to automate event interrogation and respond to emerging threats.
Real-time and historic analysis
Threat intelligence feeds integrate in near real-time. LogPoint can also retroactively compare threat intelligence with events on a compromised machine or host for 12 months.
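The matching described above, as an added example that is not LogPoint's own code: events from several source types are scanned for IP addresses, compared against an indicator feed, and filtered to a 12-month retroactive window. The feed entries, log lines and function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed indicator feed (documentation-range addresses, not real IoCs).
THREAT_FEED = {
    "203.0.113.45": "feed-A: known C2 server",
    "198.51.100.7": "feed-B: malware distribution host",
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed events from different sources; the matcher does not parse each
# format, it only needs the IP addresses the event contains.
LOG_EVENTS = [
    ("2024-05-01T10:00:00", "firewall", "action=allow src=10.0.0.5 dst=203.0.113.45 dport=443"),
    ("2024-05-01T10:05:00", "proxy", "10.0.0.9 GET http://198.51.100.7/update.bin 200"),
    ("2024-05-01T10:06:00", "windows", "EventID=4624 LogonType=10 SourceIp=10.0.0.22"),
    ("2023-04-01T09:00:00", "netflow", "10.0.0.5 -> 203.0.113.45:443 bytes=12000"),
]


def extract_ips(message):
    """Return the syntactically valid IPv4 addresses found in a log message."""
    found = []
    for candidate in IP_RE.findall(message):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # e.g. 999.1.1.1 matches the regex but is not an address
    return found


def match_events(events, feed, now_iso, lookback_days=365):
    """Compare every event carrying an IP to the feed within a retroactive window (default 12 months)."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=lookback_days)
    alerts = []
    for ts, source, message in events:
        if datetime.fromisoformat(ts) < cutoff:
            continue  # outside the retention window, skip
        for ip in extract_ips(message):
            if ip in feed:
                alerts.append({"time": ts, "source": source, "ip": ip, "reason": feed[ip]})
    return alerts


if __name__ == "__main__":
    for a in match_events(LOG_EVENTS, THREAT_FEED, "2024-05-02T00:00:00"):
        print(f"ALERT {a['time']} [{a['source']}] {a['ip']}: {a['reason']}")
```

With the default window the old netflow record is ignored; widening the lookback surfaces it as a third hit.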
Certification indicates the application has been examined, checked and documented according to the Common Criteria standard, ISO/IEC IS 15408.
The LogPoint Threat Intelligence Application is a free plugin included with a LogPoint license. The download is available from our Help Center. Threat Intelligence feeds can be either commercial, open source, or custom built.
LogPoint in Use
A recent attack targeted the most widely used electronic messaging system. The attack was revolutionary, dynamic and evaded common security solutions including anti-virus, firewall and IDS systems. With a SIEM solution in place, the attack registered as an event that was captured and analyzed. The event was described through a common language and distributed to other SIEMs or incident management platforms. Integrating SIEM and Threat Intelligence source data, the LogPoint Threat Intelligence application captured, described, and alerted users to the attack, enabling them to act and block the attack. Attack halted.