TAKE IMMEDIATE ACTION CURATE & CORRELATE
Feature Brief: ThreatConnect Integration

Immediately Convert Your Threat Intelligence into Global Threat Prevention

For the first time, you can prevent—not only detect—threats both on and off the corporate network using APIs with a cloud-delivered network security service. Together, OpenDNS and ThreatConnect give you the power to curate, correlate, and take immediate action on your threat intelligence.

Programmatically Curate and Correlate Your Threat Intelligence

Enterprises with dedicated security operation teams struggle to operationalize multiple sources of indicators of compromise (IOCs). While your SIEM can centralize IOCs in one place, it was not built for this task. And building your own custom in-house systems requires skillsets in short supply and takes months or years to complete. ThreatConnect’s collaborative Threat Intelligence Platform (TIP) removes all these manual burdens.

“By year-end 2018, 50% of Type A organizations and managed security service providers will use a TIP to consume, act upon and disperse MRTI, up from fewer than 5% today.”
— Craig Lawson and Rob McMillan, Technology Overview for Threat Intelligence Platforms

Programmatically Take Immediate Action On This Intelligence

As intelligence is aggregated and analyzed in a TIP, the final step is to take action on it. OpenDNS is one of ThreatConnect’s defense integration partners that enable you to complete the threat intelligence lifecycle without manually configuring appliance- or agent-based defenses. By leveraging OpenDNS APIs, ThreatConnect will automatically add or remove domains or full IOCs with our cloud-delivered network security service—OpenDNS Umbrella. By enforcing security at the DNS layer, Umbrella uses the Internet’s existing infrastructure to keep malware, botnets/C2, and phishing from compromising systems and exfiltrating data over any port, protocol, or app.
Blocking Internet activity attributed to your IOCs on any device—on or off the network—reduces the time between detection and prevention from days to seconds.

[Diagram: "Curate & Correlate" and "Take Immediate Action". Labels: 3rd-party threat intelligence (many more IOCs); local threat detection (FW & IPS, gateways, sandbox); threat intel platform (aggregation, analysis, manage events, create action); POST domains or full IOCs to Umbrella (Enforcement & Visibility), a network security service that blocks (and/or logs) Internet activity attributed to these domains or IOCs; GET context on domains or IPs from Investigate (Intelligence & Enrichment), a live graph of global DNS requests and contextual data to enrich threat intel, featuring our passive DNS database.]

Enforce Threat Intelligence Globally

Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network’s perimeter where you have deployed security appliances. Unlike appliances, Umbrella enforces threat intelligence globally using the OpenDNS Global Network. While many new endpoint detection and response (EDR) agents only detect IOCs, Umbrella blocks advanced attacks before data breaches or new malware infections happen. Plus, many of these EDR agents still rely on VPN agents to receive updates when the device is off the network. Not with Umbrella, because all security enforcement and intelligence is in the cloud.

Investigate offers direct access to predictive intelligence generated by the OpenDNS Security Graph via 70B+ daily DNS queries & BGP data.

Umbrella enforces both your IOCs and our predictive intelligence via the OpenDNS Global Network (208.67.222.222) of 25 data centers with 100% uptime.

Customers simply point DNS at us from any device, anywhere to block malware, botnets/C2 & phishing over any port, protocol, or app.

“I have long considered DNS a digital ‘center of gravity’ within the enterprise. If you control DNS, Web, mail services and protocols you can control your adversaries. With the ThreatConnect-OpenDNS partnership and integration we are empowering enterprises to take control, we are allowing them to make decisions and act on their own threat intelligence.”
— Rich Barger, Chief Intelligence Officer & Co-founder

About ThreatConnect

ThreatConnect, Inc. provides industry-leading advanced threat intelligence software and services including ThreatConnect®, the most comprehensive Threat Intelligence Platform (TIP) on the market. ThreatConnect delivers a single platform in the cloud and on-premises to effectively aggregate, analyze, and act to counter sophisticated cyber-attacks. Leveraging advanced analytics capabilities, ThreatConnect offers a superior understanding of relevant cyber threats to business operations. To register for a free ThreatConnect account, or to learn more about our products and services, visit: www.threatconnect.com

Programmatically Enrich This Intelligence for Better Correlation

Using our APIs and unique view of the Internet, OpenDNS Investigate can enrich your threat intelligence with real-time context about suspicious domains, IPs, and ASNs. ThreatConnect will add our risk scores to your IOCs across a number of attacker infrastructure attributes. For example, using ThreatConnect, you can assign different actions to IOCs based on OpenDNS detecting that they use fast flux networks (FFNs) or were created by domain generation algorithms (DGAs). And all the time saved by eliminating manual configurations can be used for investigating incidents. Using our real-time, Google-like access, you can pivot from one domain to many related IP addresses, autonomous systems, and co-occurring domains.
Access a massive passive DNS database to see historical data about domains.

For a free trial or more sales information, contact our team: 1-877-811-2367 | [email protected] | www.opendns.com