André Lameiras
04 Dec 2023
Navigating the intricacies of today’s world is a complex task that requires accurate and timely knowledge as well as a contextual understanding of the geopolitical landscape. This becomes particularly sensitive when the digital security of critical infrastructure is considered, specifically for enterprises operating in the sectors of energy, finance, utilities, or petrochemical industries — or even for governmental institutions themselves.
Every day, ESET detects over 300,000 potential threats, providing our customers with unique insights from our own pool of more than 110 million sensors around the world, delivering a global understanding that is the foundation for any organization to anticipate, counter, and contextualize potential threats. Alongside our extensive visibility, ESET has built relevant industry partnerships and honeypots that source data where we don't have direct telemetry.
The research focus ESET has pursued remains at the heart of the company, which has decades of experience in mapping and tracking major APT groups. ESET has been committed to proactively sharing targeted intelligence with the security community, being one of the most referenced and active contributors to the MITRE ATT&CK knowledge base, serving as a member of the Joint Cyber Defense Collaborative (JCDC) established by CISA, and regularly contributing to the work of law enforcement bodies such as the FBI and national CERTs.
A more intuitive interface for a better user experience
To provide even more comprehensive access to all the knowledge provided by ESET Threat Intelligence, ESET is launching a new portal that allows for a fully automated experience of the platform. From the start, customers can access the terms of agreement, including the NDA, and manage licenses or user activity. The portal also presents an intuitive view of ESET APT and Threat Reports, the latest research blogs and podcasts, and relevant infographics. If subscribed, users can view private reports compiled by ESET Research upon request. Users can also define the periodicity of notifications of new reports, selecting the ones they want to be notified of.
ESET is also bundling its six Threat Intelligence data feeds, allowing customers to choose those that best fit their needs under one unique license. Once the agreement is active, the data feeds are configured automatically by simply enabling them right from the portal.
The new portal also provides ESET Connect-ready APIs, and all functionalities can be easily discovered with a new Online Help section detailing each of the APIs and how to integrate them.
SOC analysts using ETI will also take advantage of ESET MISP as the main integration platform for APT Reports, enabling them to go through the listing of events, run retrospective intelligence analyses and queries, filter results based on labels, and, ultimately, search sightings and find correlations using correlation graphics.
ESET proprietary intelligence data feeds: Real-time global knowledge
Originating from our 13 research centers dispersed globally, ESET Threat Intelligence distills the knowledge and expertise of ESET researchers into six different and highly curated feeds with unique telemetry that can be accessed based on an organization's specific needs and size.
Simply put, the feeds are lists of Indicators of Compromise (IoC) and metadata, covering various aspects of cybersecurity, including tracking malicious files, botnets, and APTs; identifying potentially harmful domains or URLs and IPs considered malicious; and tracking the associated data.
To ensure compatibility and easy integration, the feeds are provided in widely used formats, such as JSON and STIX 2.1. Recently, ESET also announced the integration of its proprietary data feeds with the widely used SIEM and SOAR platform MS Sentinel, taking advantage of the built-in TAXII client of Microsoft Sentinel. Other already existing integrations are IBM QRadar, OpenCTI, Anomali, and ThreatQuotient.
Building a long-term strategy
Cyber threats evolve rapidly to stay ahead of emerging technology. ETI sits on top of all the work done at ESET, bringing together ESET’s unique visibility and research not only to provide deep technical analysis but also to provide a wider knowledge through the private APT reports that offer extensive tactical and strategic context to some of the most common questions: Why is this happening and who is behind it?
Moreover, ETI customers also have access to ESET researchers who will be ready to answer any questions arising from these reports, including technical follow-ups for a deeper understanding of the threat landscape.
The new portal will start rolling out in November.
For more information on ESET Threat Intelligence, visit our product page here.