Information sharing has helped law enforcement and intelligence communities improve their capabilities for a long time. GTIS Managed Threat Analysis Service brings the same concept to our SIEM Enterprise and SIEM Operations Edition customers, integrating automatically analyzed threat intelligence and reputation information into the SIEM. This enables advance warning and emerging-threat detection within the SIEM, securely synchronized from the GTIS Cloud.
This service includes 19 SIEM correlations which leverage Open Source, Crowd Source, and Enterprise Source intelligence provided by the service.
Portal User Interface
Included with this service is a web-based configuration and management portal. Customers can test the service, review statistics on synchronized and updated threat intelligence through dashboards, and manage the configuration of the service with the GTIS Cloud.
How It Works
Sources of Intelligence
GTIS scrutinizes the threat data we obtain and establishes a minimum level of confidence in it before it is used. The output of this analysis is the intelligence used with the service. Sources of information include:
A large variety of openly available lists of threat information such as:
Information on correlated threats from GTIS SIEM Enterprise and SIEM Operations Edition customers who opt into crowd-sourcing intelligence.
Enterprise-sourced intelligence, which may contain true-positive information about compromised hosts and malware domains derived from automated SpiderLabs research and from behavioral analysis by deployed GTIS security products such as our Secure Web Gateway.
Powerful correlations derived from best practices and from specific configuration settings that meet customers' own local policies and requirements, within their SIEM product.
Environmental metadata specific to each customer’s environment and assets, within their SIEM product.
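To make the reputation-matching idea concrete, here is an added example, written for this page and not the service's own correlation logic or feed format. It applies a minimum-confidence floor to a small indicator feed (the FEED list is constructed, with the three source types named above as labels), then correlates a handful of constructed firewall/proxy events (EVENTS) against the surviving indicators. All field names, the confidence scale and the severity thresholds are assumptions for illustration.

```python
"""Reputation correlation of SIEM events against a confidence-scored indicator feed.

Added example, not GTIS/Trustwave code. FEED and EVENTS are constructed
sample data; field names and thresholds are assumptions for illustration.
"""

# Constructed indicator feed. "source" mirrors the page's Open / Crowd /
# Enterprise source types; "confidence" is an assumed 0-100 analyst score.
FEED = [
    {"value": "203.0.113.7", "type": "ip", "source": "open", "confidence": 55, "tag": "scanner"},
    {"value": "198.51.100.23", "type": "ip", "source": "crowd", "confidence": 80, "tag": "c2"},
    {"value": "bad-update.example", "type": "domain", "source": "enterprise", "confidence": 95, "tag": "malware-download"},
    {"value": "192.0.2.9", "type": "ip", "source": "open", "confidence": 20, "tag": "stale-list"},
]

# Constructed key=value log events (assumed format, not a real SIEM schema).
EVENTS = [
    "ts=2024-05-01T10:00:01Z src=10.1.4.22 dst=198.51.100.23 dport=443 action=allow",
    "ts=2024-05-01T10:00:05Z src=10.1.4.22 dst=203.0.113.7 dport=22 action=deny",
    "ts=2024-05-01T10:00:09Z src=10.1.7.5 host=bad-update.example url=/setup.exe action=allow",
    "ts=2024-05-01T10:00:12Z src=10.1.7.5 dst=192.0.2.9 dport=80 action=allow",
    "ts=2024-05-01T10:00:15Z src=10.1.7.5 dst=93.184.216.34 dport=443 action=allow",
]

MIN_CONFIDENCE = 50  # assumed floor: indicators below this never reach the SIEM


def build_index(feed, min_confidence=MIN_CONFIDENCE):
    """Drop indicators under the confidence floor and key the rest by value.

    When two sources carry the same indicator, keep the higher-confidence entry.
    """
    index = {}
    for ind in feed:
        if ind["confidence"] < min_confidence:
            continue
        key = ind["value"].lower()
        if key not in index or ind["confidence"] > index[key]["confidence"]:
            index[key] = ind
    return index


def parse_event(line):
    """Parse one whitespace-separated key=value log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split() if "=" in kv)


def indicators_in_event(event):
    """Yield the (field, value) pairs a reputation rule would look up."""
    for field in ("dst", "host"):
        value = event.get(field)
        if value:
            yield field, value.lower()


def severity(confidence):
    """Map indicator confidence to an alert severity (assumed thresholds)."""
    if confidence >= 90:
        return "high"
    if confidence >= 70:
        return "medium"
    return "low"


def correlate(events, index):
    """Return one alert per event field that matches an indexed indicator."""
    alerts = []
    for line in events:
        ev = parse_event(line)
        for field, value in indicators_in_event(ev):
            ind = index.get(value)
            if ind is None:
                continue
            alerts.append({
                "ts": ev.get("ts"),
                "src": ev.get("src"),
                "field": field,
                "indicator": ind["value"],
                "source": ind["source"],
                "confidence": ind["confidence"],
                "tag": ind["tag"],
                "severity": severity(ind["confidence"]),
                # A denied connection still shows an infected host reaching out.
                "blocked": ev.get("action") == "deny",
            })
    return alerts


def run_correlation(events=EVENTS, feed=FEED, min_confidence=MIN_CONFIDENCE):
    """Build the index at the given confidence floor and correlate the events."""
    return correlate(events, build_index(feed, min_confidence))


if __name__ == "__main__":
    for a in run_correlation():
        print(f"{a['ts']} {a['severity']:6} src={a['src']} {a['field']}={a['indicator']} "
              f"[{a['source']}/{a['confidence']}] {a['tag']} blocked={a['blocked']}")
```

Raising MIN_CONFIDENCE is the knob that trades false positives for coverage: at the assumed floor of 50 the stale open-source entry for 192.0.2.9 is never loaded, so the allowed connection to it produces no alert, while the blocked scan from the allow-listed source still surfaces as a low-severity hit worth a look at the internal host.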
GTIS Managed Threat Analysis Service is, after all, a service. We guide customers through provisioning, registration and secure information synchronization setup, perform initial SIEM correlation setup with the 19 included TTCS correlations, test the service against the customer's SIEM to ensure it is functioning and operational, and provide knowledge transfer on the service to security analysts and business owners.
Setting up the service is typically completed within a day. Most customers choose to have the service delivered on-site; however, it can also be delivered remotely.