Cysiv SOC-as-a-Service includes three important elements related to threat intelligence:
Knowing what to look for is critical to threat detection and hunting strategies, which is why we leverage up-to-the-minute actionable indicators of compromise (IOCs) from a broad range of sources.
We have curated a selection of 50+ high-quality IOC feeds from over a dozen of the most respected sources worldwide, including Trend Micro, Unit42 (Palo Alto Networks), Cisco, OpenPhish, ICS-CERT and others. Their data is derived from hundreds of millions of sensors worldwide to identify known bad domains, URLs, and IPv4 and IPv6 addresses.
We augment the curated IOCs with IOCs from our own threat research and investigations.
If you have your own threat intel, we will incorporate that into our overall database. We also receive voluntary, anonymized submissions from other organizations.
How It Works
This intel is leveraged throughout the threat-monitoring, hunting, and investigation process, and by managed security controls that more quickly and reliably identify known and unknown threats, advanced malware attacks, malicious attacks, and other IOCs, before they impact your organization.
Cysiv threat experts contribute to and leverage this threat intel, and every Cysiv SOC-as-a-Service customer benefits from their work.
Our intel team collects and processes threat intelligence, does reverse engineering and malware analysis, damage assessment and reporting, root cause analysis, and campaign and actor tracking. Their work is typically shared with you through alerts, bulletins, and reports.
Our hunters are a key part of the security operations team. They proactively anticipate, detect, disrupt and eradicate threat actors from customer networks using data and forensic analysis, threat intelligence, and cutting-edge security technologies. They continuously improve processes and work with you to resolve issues, provide additional information, and answer questions related to incidents and monitoring.
Cysiv Command, our SOC-as-a-Service platform, provides you with an important threat exchange capability. Customers from different industries, including healthcare, financial services, travel & hospitality, state and local government, education, and energy, can volunteer to contribute anonymized IOC data to the Cysiv platform for the broader benefit of their community.
Organizations that want to further position themselves as security-conscious leaders in their sectors can champion and advocate that others similarly contribute valuable IOC data to the exchange, for the benefit of all. The more intel we aggregate, the better protected you, and your peers, will be.