Threat Intelligence

2018-03-31T08:43:30+00:00

The key to advanced threat protection is contextual information.

Threat intelligence, one aspect of a holistic cybersecurity strategy, helps you comprehend risks related to the most common and severe external threats, such as zero-day threats, advanced persistent threats and exploits. It enables you to collect and analyze data on the latest threats from a variety of sources. Threat intelligence information from security vendors, intelligence groups or connections to your own network helps you fend off attacks by initiating security activities to stop malicious behavior.

These real-time feeds combine intelligence and previous learnings from other organizations into a single source. However, identifying a threat within volumes of collected information could be like finding a needle in a haystack. You may find yourself asking:

  • Which data is important?
  • How can I distinguish normal activity from malicious activity that might signal an attack?

While ongoing analysis of enterprise log data alone is valuable, advanced threat protection is made possible by comparing your internal data with indicators of compromise. It’s the integration of threat intelligence feeds with your enterprise log data and a SIEM solution that enables you to quickly identify emerging attacks and act.

Threat Intelligence for LogPoint

Enterprise log data tracks every event generated in the network. LogPoint captures and analyzes structured and unstructured enterprise log data and compares that with known bad indicators or malicious hosts identified in threat intelligence feeds.

The LogPoint Threat Intelligence Application offers a simple and efficient threat intelligence platform to identify emerging threats within your infrastructure, integrating with more than 100 threat intelligence feeds. After the feed data is converted into a “common language” format, LogPoint compares it with your enterprise log data. LogPoint screens hundreds of thousands of indicators of compromise to alert you to known attacks. An alert of a potential threat prompts action, such as blocking known bad IP addresses.

Simply put, LogPoint provides real-time, cross-platform insight into potential threats.

Application features

Log event integration

Threat intelligence feeds are compared to all log events that contain an IP address: firewall data, proxies, netflow, Windows events and more.
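As an added illustration of the matching described above (example code, not LogPoint's own implementation), the script below normalizes two feeds of different formats into one common indicator set, then extracts every IPv4 address from heterogeneous log events (firewall, proxy, Windows logon, flow) and raises an alert where an address is a known indicator. All feed entries and log lines are constructed samples using documentation address ranges.

```python
import csv
import io
import re

# Constructed sample feeds in two different formats (not real indicators).
FEED_CSV = """indicator,type,source
203.0.113.45,ip,feed-a
198.51.100.7,ip,feed-a
"""
FEED_TXT = """# one indicator per line
203.0.113.45
192.0.2.99
"""
FEEDS = [("feed-a", "csv", FEED_CSV), ("feed-b", "txt", FEED_TXT)]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize_feeds(feeds):
    """Merge feeds of different formats into one common format: {ip: set(feed names)}."""
    indicators = {}
    for name, fmt, text in feeds:
        if fmt == "csv":
            rows = (r["indicator"] for r in csv.DictReader(io.StringIO(text)) if r["type"] == "ip")
        else:  # plain text, one indicator per line, '#' starts a comment
            rows = (l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#"))
        for ip in rows:
            indicators.setdefault(ip, set()).add(name)
    return indicators


def match_events(log_lines, indicators):
    """Pull every IPv4 address out of each event, whatever its log format,
    and return one alert per (event, indicator) hit. Works equally on a live
    stream or on archived events replayed for retroactive matching."""
    alerts = []
    for line in log_lines:
        for ip in sorted(set(IPV4_RE.findall(line))):
            if ip in indicators:
                alerts.append({"ip": ip, "sources": sorted(indicators[ip]), "event": line})
    return alerts


# Constructed log events from four different sources.
SAMPLE_LOGS = [
    "fw01 DROP src=203.0.113.45 dst=10.0.0.5 proto=tcp dport=445",
    "proxy GET http://example.test/ client=10.0.0.21 upstream=198.51.100.7",
    "EventID=4624 LogonType=3 SourceNetworkAddress=10.0.0.33",
    "flow 10.0.0.8 -> 192.0.2.99 bytes=1024",
]

if __name__ == "__main__":
    for a in match_events(SAMPLE_LOGS, normalize_feeds(FEEDS)):
        print(f"ALERT {a['ip']} ({', '.join(a['sources'])}): {a['event']}")
```

Running the script yields three alerts; the Windows logon event matches nothing because its only address is internal.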

Robust alert functionality

Common alert rules, event dashboards and data mapping available out-of-the-box, plus additional custom alert tools, enable you to automate event interrogation and respond to emerging threats.

Real-time and historic analysis

Threat intelligence feeds integrate in near real-time. LogPoint can also retroactively compare threat intelligence with events on a compromised machine or host for 12 months.

EAL3+ certified

Certification indicates the application has been examined, checked and documented according to the Common Criteria standard (ISO/IEC 15408).

The LogPoint Threat Intelligence Application is a free plugin included with a LogPoint license. The download is available from our Help Center. Threat Intelligence feeds can be either commercial, open source, or custom built.

LogPoint in Use

A recent attack targeted the most widely used electronic messaging system. The attack was revolutionary, dynamic and evaded common security solutions including anti-virus, firewall and IDS systems. With a SIEM solution in place, the attack registered as an event that was captured and analyzed. The event was described through a common language and distributed to other SIEMs or incident management platforms. Integrating SIEM and Threat Intelligence source data, the LogPoint Threat Intelligence application captured, described, and alerted users to the attack, enabling them to act and block the attack. Attack halted.