Leveraging Automation and the Cloud to Improve Cyber Response
Threats are moving faster than ever in today’s cyber threat environment. A timely and impactful response to an ongoing cyberattack is critical. Yet many companies still cannot detect potentially malicious activity, especially in the early phases of an attack. Most companies are simply outnumbered by well-funded and experienced threat actors, and find it difficult to keep pace with the ongoing barrage of threats.
Crowdsourcing has emerged to help address the huge imbalance between threat actors and defenders. In industries like penetration testing (pentest), talent is regularly sourced for a variety of pentest missions. Over the past years, many organizations have been created to help cybersecurity professionals collaborate and share data. These organizations allow members to share cyber threat information with other trusted members of the community. The goal is to surface actionable intelligence sooner so that threats can be identified and stopped faster.
ThreatConnect has re-imagined the concept of crowdsourced security within the CAL™ (Collective Analytics Layer) of the ThreatConnect® Platform. The initial vision was to use technology to improve the speed and widespread sharing of critical threat information among the cybersecurity professionals who participate. The ThreatConnect Platform already helps you identify threats with your own data. Now, with CAL, ThreatConnect gives an anonymous yet highly connected community a way to learn how many times potential threats have been identified across all participating platform instances. CAL brings a game-changing increase in both visibility and speed to your SOC.
How Does CAL Work?
ThreatConnect’s CAL™ provides a way to learn how widespread and relevant a threat is by anonymously leveraging the multitude of data points from the many thousands of analysts that use the ThreatConnect Platform. CAL does this by combining data from the many billions of indicators collected from open and proprietary data sources. CAL then applies analytics to find the critical and meaningful connections and surfaces them through the in-platform scoring of the ThreatConnect Platform’s ThreatAssess. This reputation analysis defines and presents the urgency and criticality of each indicator of compromise (IOC) on a single numeric scale, so that decisions can be prioritized more intuitively and effectively.
CAL and the ThreatConnect Platform have empowered the crowd, and the crowd can now begin to outpace the attackers. The power of the ThreatConnect Platform is multiplied by using both orchestration and threat intelligence from the multitude of sources, including the CAL community, to move faster and more decisively to identify and defeat new threats.
CAL Provides Many Benefits
CAL brings many other benefits for your team. CAL helps your team prioritize IOCs to reduce common alert fatigue. CAL’s analytics help maximize efficiency by removing low (or no!) priority IOCs from your system, so less time is wasted on false positives. CAL saves around 500,000,000 false alerts a month across our ecosystem. Your workflow will run faster, and the overall performance of your security information and event management (SIEM) system will improve.
CAL brings other important benefits to you. CAL report cards let you know how your existing open source feeds are performing on a comparative basis. You can also see which sources provide IOCs relevant to your organization that other sources cannot, as well as compare unique IOC counts.
One of the most significant goals is to move your team from a reactive to a more proactive response. CAL Feeds help accomplish this by identifying potentially critical areas of insight for follow-up investigation by your team. CAL datasets and analytics also enable your team to proactively identify productive hunting grounds.
Learn More
To learn more about how CAL has re-imagined and automated the concept of crowdsourced security, please reach out to us via /contact/, and we’ll be pleased to share a demonstration of the ThreatConnect Platform. You can also find more information about CAL on our website.