Threat Intelligence

In today’s dynamic and evolving threat environment, busy IT security teams don’t have the time or resources to do threat analysis of emerging threats on their own. Instead, they turn to Zartek Global Labs to do the research for them, with continuous Threat Intelligence updates that are fully integrated into the Zartek Global Unified Security Management™ (USM) platform for threat assessment, detection, and response. (Note: The Zartek Global Threat Intelligence Service is included in the first-year license cost for every USM All-in-One appliance, Standard Server or Enterprise Server.)

Your USM platform receives updates every 30 minutes from the Zartek Global Labs threat research team. This dedicated team spends countless hours analyzing the different types of attacks, emerging threats, suspicious behavior, vulnerabilities and exploits they uncover across the entire threat landscape.

The Zartek Global Advantage:

Ownership of both the built-in data sources and the management platform that make up the USM platform gives Zartek Global a unique advantage over other security point products. Providing predictable data sources enables our threat research team to have a comprehensive understanding of the interactions between the different data types being collected, correlated and analyzed. This in-depth knowledge enables us to engineer the USM platform to provide effective security controls and seamlessly integrated threat intelligence for any environment.

Zartek Global Labs Threat Intelligence drives the USM platform’s threat assessment capabilities by identifying the latest threats, resulting in the broadest view of threat vectors, attacker techniques and effective defenses. Unlike single-purpose updates focused on only one security control, Zartek Global Labs regularly delivers eight coordinated rule set updates to the USM platform. These updates eliminate the need for you to spend precious time conducting your own research on emerging threats, or on alarms triggered by your security tools. These rule sets maximize the efficiency of your security monitoring program by delivering the following updates directly to your Zartek Global USM™ installation:

  • Correlation directives – USM ships with over 2,000 pre-defined rules that translate raw events into specific, actionable threat information by linking disparate events from across your network
  • Network IDS signatures – detect the latest malicious traffic on your network
  • Host IDS signatures – identify the latest threats targeting your critical systems
  • Asset discovery signatures – detect the latest operating systems, applications, and device information
  • Vulnerability assessment signatures – uncover the latest vulnerabilities on your systems
  • Reporting modules – gain new views of critical data about your environment to present to management and satisfy auditor requests
  • Dynamic incident response templates – customized guidance on how to respond to each alert
  • Newly supported data source plugins – expand your monitoring footprint by integrating data from legacy security devices and applications

Finding Smaller Needles in Bigger Haystacks

Identify the Most Significant Threats Facing Your Network Right Now

IT teams of all sizes suffer from having too much security event data and not enough actionable threat intelligence. Many security tools generate a steady stream of alerts about important (and not so important) activity, causing IT teams to sacrifice their valuable time by trying to manually correlate disparate activity in their log files. They dig through thousands of seemingly innocuous events, hoping to find those few indicators that can signify system compromise or data breach. At the same time, attack techniques have become more sophisticated, making breaches harder to detect.

Logs carry important information such as what your users are doing, what data they are accessing, the performance of your systems and overall network health. They will also contain evidence of system compromise and data exfiltration, if you know where to look. However, reading raw logs isn’t easy, for several reasons, including:

  • Logs vary from system to system or even from version to version on the same system
  • They are usually hard to interpret and not easily read by IT staff
  • Logs are focused on recording events generated by each system and have limited visibility (e.g., a firewall sees packets and network sessions, while an application sees users, data, and requests)
  • Logs are static, fixed points in time, without the full context or sequence of related events

Zartek Global USM solves these problems with its powerful correlation engine. Over 2,000 pre-built correlation directives continuously analyze event data to identify potential security threats in your network. USM automatically detects and links behavior patterns found in disparate yet related events generated across different types of assets, telling you which threats facing your network right now are the most significant.

Advanced Alien Intelligence to Combat Advanced Threats

Here are a few of our collection and analysis techniques:

Security Artifact Analysis

Using a wide range of collection techniques, including advanced sandboxing to quarantine malware samples, the Zartek Global Threat Research team analyzes over 1 million unique security artifacts every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual Venus flytraps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging the insight gained from honeypots placed in high-traffic networks, our Zartek Global Labs team arms our USM customers with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Open Collaboration with State Agencies, Academia, and Other Security Research Firms

Thanks to the broad reach of our threat intelligence sharing community, we’ve been able to establish strong connections with state agencies around the world, academic researchers and other security vendors. These relationships enable us to get access to pre-published vulnerability and malware updates as well as enhanced verification of our own research. By gathering community-powered threat intelligence from a diverse installed base that is spread across many industries and countries and composed of organizations of all sizes, we’re able to shrink an attacker’s ability to isolate targets by industry or organization size.

Ready to learn more? The free trial includes continuous Threat Intelligence updates from Zartek Global Labs.

World’s First Open Threat Intelligence Community

Threat sharing in the security industry remains mainly ad-hoc and informal, filled with blind spots, frustration, and pitfalls. Our vision is for companies and government agencies to gather and share relevant, timely, and accurate information about new or ongoing cyberattacks and threats as quickly as possible to avoid major breaches (or minimize the damage from an attack). Zartek Global’s Open Threat Exchange (OTX) delivers the first truly open threat intelligence community that makes this vision a reality.

How OTX Works

Zartek Global OTX provides open access to a global community of threat researchers and security professionals. It now has more than 47,000 participants in 140 countries, who contribute over 4 million threat indicators daily. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source. OTX enables anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, strengthening your defenses while helping others do the same.

Zartek Global OTX Pulse

Pulses provide you with a summary of the threat, a view into the software targeted, and the related indicators of compromise (IOCs) that can be used to detect the threats.

IOCs include:

  • File hashes: MD5, SHA1, SHA256, PEHASH, IMPHASH
  • CIDR rules
  • File paths
  • Mutex names
  • CVE numbers
  • IP addresses
  • Domains
  • Hostnames (subdomains)
  • Email addresses
  • URLs
  • URIs

Pulses make it easy for you to answer questions like:

  • Is my environment exposed to this threat?
  • Is this relevant to my organization?
  • Who is behind this, and what are their motives?
  • What are they targeting in my environment?
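
As an added example (not Zartek Global or OTX code), the matcher below checks constructed log lines against a pulse-style list of typed indicators of the kinds listed above, which is the core of answering “Is my environment exposed to this threat?”. It shows why the indicator type matters: a CIDR rule is tested by address containment, a domain indicator covers every subdomain beneath it, and a hostname indicator matches only that exact host. The {"type", "indicator"} record layout, the indicator values and the log lines are all constructed for this example and are not the OTX wire format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed pulse using indicator types from the list above; the {"type", "indicator"}
# layout is an assumption for this example, not the OTX wire format.
SAMPLE_HASH = "a3f1" + "0" * 60  # constructed value, not a real malware hash
PULSE = [
    {"type": "IPv4", "indicator": "203.0.113.45"},
    {"type": "CIDR", "indicator": "198.51.100.0/24"},
    {"type": "domain", "indicator": "example.net"},        # apex and all subdomains
    {"type": "hostname", "indicator": "cdn.example.org"},  # this exact host only
    {"type": "FileHash-SHA256", "indicator": SAMPLE_HASH},
]
LOG_LINES = [  # constructed proxy, DNS and EDR events; line 4 is a hostname near miss
    "proxy src=10.0.0.5 dst=203.0.113.45 url=http://203.0.113.45/",
    "dns client=10.0.0.7 query=mail.example.net",
    "proxy src=10.0.0.9 dst=198.51.100.77 url=http://198.51.100.77/x",
    "edr host=ws12 sha256=" + SAMPLE_HASH + " src=http://www.example.org/u.exe",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
HASH_RE = re.compile(r"\b[a-f0-9]{64}\b")

def compile_pulse(pulse):
    """Index indicators by kind; CIDR rules become networks checked by containment."""
    idx = defaultdict(set)
    for ioc in pulse:
        kind, value = ioc["type"], ioc["indicator"].lower()
        key = "hash" if kind.startswith("FileHash-") else kind
        idx[key].add(ipaddress.ip_network(value) if kind == "CIDR" else value)
    return idx

def match_line(line, idx):
    """Return the pulse indicators that one log line matches (empty set if none)."""
    low, hits = line.lower(), set()
    for ip in IP_RE.findall(low):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # the loose regex also admits e.g. 999.1.2.3
            continue
        hits |= ({ip} & idx["IPv4"]) | {str(n) for n in idx["CIDR"] if addr in n}
    for host in HOST_RE.findall(low):
        # hostname indicators match exactly; a domain indicator also covers every
        # subdomain beneath it, so test the host and each of its parent domains
        labels = host.split(".")
        parents = {".".join(labels[i:]) for i in range(len(labels) - 1)}
        hits |= ({host} & idx["hostname"]) | (parents & idx["domain"])
    return hits | (set(HASH_RE.findall(low)) & idx["hash"])
```

Scanning a real log is a loop of match_line over its lines with one compiled index; any non-empty result names the indicator that fired, which is what a follow-up alert or ticket should carry.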

Open Access to the Threat Intelligence Community

Security research tends to be an insular process, and individuals or groups rarely share threat data with one another. This is due to lack of trust, internal policies, or simply the inability to get the information out to the masses. OTX helps to solve this problem with the ability to subscribe to or follow the most trusted pulses in the community.

  • Subscribe to pulses and use the DirectConnect feature to automatically update your security products.
  • Follow OTX contributors and get valuable insight into their recently researched threats.

Openly Research & Collaborate on Emerging Threats

The traditional threat sharing model is a one-way communication between researchers/vendors and subscribers. There is no way for subscribers to interact with peers or threat researchers on emerging threats, as each recipient is isolated from the others. That’s why we built OTX — to change the way we all create, collaborate on, and consume threat data.

Most threat data sharing products or services are expensive and/or overly complex. Users often find themselves buying multiple services, since the traditional, isolated approach to threat data limits their ability to export threat data from one tool to another. OTX provides several methods for your security tools to ingest pulse data, allowing you to react more quickly and efficiently to any threats.

Direct Integration with USM

Automatically instrument your built-in IDS capability within USM deployments, as well as third-party security tools, with the latest actionable threat data from community-generated pulses.

OTX DirectConnect API

Export IOCs automatically into your existing security tools, eliminating the need to manually add IP addresses, MD5 hashes of malware files, domain names, etc.

Export to Third Party Security Tools

Import IOCs from pulses into third-party security tools.