IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today major enhancements to the IntSights External Threat Protection (ETP) Suite with the launch of the Investigation API.
IntSights Threat Intelligence Platform (TIP), the Investigation API allows SOC teams to detect, remediate, and automate incident response activities. The API provides on-demand extended threat intelligence visibility into organization-specific Indicators Of Compromise (IOCs) and threat indicators in real time and at scale.
The RESTful Investigation API further enriches organization-specific threat intelligence by delivering IntSights-curated, highly tailored visibility into related malware, threat actors, and campaigns. Leveraging contextually rich threat intelligence to directly enrich existing security systems with on-demand context, enterprises can operationalize threat intelligence and automate incident response efforts.
“Customers are continuously looking for up-to-date, highly contextual, investigation-ready intelligence; however, such indicators have been hard to come by,” said Yaron Paryanty, Vice President, Product, at IntSights. “Leveraging the IntSights Investigation API, we bring context and clarity to customer threat feeds, and consequently streamline operations. The correlation of new IOCs with a customer’s unique digital footprint helps the organization understand the potential impact and what appropriate response activities should be carried out in order to minimize the overall attack surface.”
Benefits of the Investigation API:
- Augments existing data sets: Leveraging on-demand context, IntSights enriches organization-specific intelligence, including IOCs and other threat indicators, in real time and at scale.
- Automates and streamlines investigative processes: The Investigation API provides real-time malicious threat indicator visibility into related malware, threat actors, and targeted campaigns.
- Integrates with your solutions: Scale your efforts by using internal security policies, practices, and tools to deliver immediate context and value.
Additional Q1 Enhancements to the IntSights External Threat Intelligence Suite:
- Vulnerability Risk Analyzer™ Release – With IntSights Vulnerability Risk Analyzer, CVEs that are relevant to the customer are enriched with external threat intelligence data and instantly scored, virtually eliminating the resource-intensive prioritization process for CVE patching.
- Integrations with Vulnerability Risk Analyzer – Integrations with Qualys and Tenable enable organizations to enrich CVEs with clear, deep, and dark web intelligence, resulting in an improved patching sequence.
- IntSights Query Language (IQL) – Optimize searchability and control with a highly intuitive and dynamic query language mechanism that allows users to easily filter, search, and highlight relevant alerts using a combination of keywords and regular expressions.
- Phishing Protection Enhancements – Dramatically reduce the time to detect and alert on suspected phishing domains, from days to hours, by leveraging IntSights real-time monitoring of Certificate Transparency (CT) logs.
- Patching Prioritization – Prioritize patching for critical vulnerabilities with IntSights “Technologies In Use,” which allows enterprises that do not have a vulnerability management system in place to correlate, prioritize, and enrich existing digital assets with curated risk-prioritized CVEs.