TAKE IMMEDIATE ACTION CURATE & CORRELATE

Feature Brief: ThreatConnect Integration
Immediately Convert Your Threat Intelligence into Global Threat Prevention
For the first time, you can prevent—not only detect—threats
both on and off the corporate network using APIs with a
cloud-delivered network security service. Together, OpenDNS
and ThreatConnect give you the power to curate, correlate,
and take immediate action on your threat intelligence.
Programmatically Curate and Correlate Your Threat Intelligence
Enterprises with dedicated security operations teams struggle to operationalize multiple
sources of indicators of compromise (IOCs). While your SIEM can centralize IOCs in one
place, it was not built for this task. And building your own custom in-house systems requires
skillsets in short supply and takes months or years to complete. ThreatConnect’s
collaborative Threat Intelligence Platform (TIP) removes all these manual burdens.
Programmatically Take Immediate Action On This Intelligence
As intelligence is aggregated and analyzed in a TIP, the final step is to take action on it.
OpenDNS is one of ThreatConnect’s defense integration partners that enable you to
complete the threat intelligence lifecycle without manually configuring appliance- or
agent-based defenses. By leveraging OpenDNS APIs, ThreatConnect will automatically add or
remove domains or full IOCs with our cloud-delivered network security service—OpenDNS
Umbrella. By enforcing security at the DNS layer, Umbrella uses the Internet’s existing
infrastructure to keep malware, botnets/C2, and phishing from compromising systems and
exfiltrating data over any port, protocol, or app. Blocking Internet activity attributed to your
IOCs on any device—on or off the network—reduces the time between detection and
prevention from days to seconds.

“By year-end 2018, 50% of Type A organizations and managed security service
providers will use a TIP to consume, act upon and disperse MRTI, up from
fewer than 5% today.”
— Craig Lawson and Rob McMillan, Technology Overview for Threat Intelligence Platforms

[Figure: ThreatConnect and OpenDNS integration workflow]
CURATE & CORRELATE: 3rd-party threat intelligence and local threat detection (FW & IPS, gateways, sandbox, and many more) supply IOCs to the threat intel platform (aggregation, analysis, manage events, create action).
TAKE IMMEDIATE ACTION: POST domains or full IOCs to Umbrella (Enforcement & Visibility), a network security service that blocks (and/or logs) Internet activity attributed to these domains or IOCs.
INVESTIGATE (Intelligence & Enrichment): GET context on domains or IPs from a live graph of global DNS requests and contextual data to enrich threat intel. Features our passive DNS database.

Enforce Threat Intelligence Globally
Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If
VPNs are not always on, traffic will not always pass over the network’s perimeter where
you have deployed security appliances. Unlike appliances, Umbrella enforces threat
intelligence globally using the OpenDNS Global Network.
While many new endpoint detection and response (EDR) agents only detect IOCs,
Umbrella blocks advanced attacks before data breaches or new malware infections
happen. Plus, many of these EDR agents still rely on VPN agents to receive updates when
the device is off the network. Not with Umbrella, because all security enforcement and
intelligence is in the cloud.

[Figure captions]
Investigate offers direct access to predictive intelligence generated by the OpenDNS Security Graph via 70B+ daily DNS queries & BGP data.
Umbrella enforces both your IOCs and our predictive intelligence via the OpenDNS Global Network of 25 data centers with 100% uptime.
Customers simply point DNS at us from Any Device, Anywhere to block malware, botnets/C2 & phishing over any port, protocol, or app (figure label: 208.67.222.222).

“I have long considered DNS a digital ‘center of gravity’ within the enterprise. If you
control DNS, Web, mail services and protocols you can control your adversaries.
With the ThreatConnect-OpenDNS partnership and integration we are empowering
enterprises to take control, we are allowing them to make decisions and act on their
own threat intelligence.”
— Rich Barger, Chief Intelligence Officer & Co-founder

About ThreatConnect
ThreatConnect, Inc. provides industry-leading advanced threat intelligence software
and services including ThreatConnect®, the most comprehensive Threat Intelligence
Platform (TIP) on the market. ThreatConnect delivers a single platform in the cloud and
on-premises to effectively aggregate, analyze, and act to counter sophisticated
cyber-attacks. Leveraging advanced analytics capabilities, ThreatConnect offers a superior
understanding of relevant cyber threats to business operations. To register for a free
ThreatConnect account, or to learn more about our products and services, visit:
www.threatconnect.com

Programmatically Enrich This Intelligence for Better Correlation
Using our APIs and unique view of the Internet, OpenDNS Investigate can enrich your
threat intelligence with real-time context about suspicious domains, IPs, and ASNs.
ThreatConnect will add our risk scores to your IOCs across a number of attacker
infrastructure attributes. For example, using ThreatConnect, you can assign different
actions to IOCs based on OpenDNS detecting that they use fast flux networks (FFNs) or were
created by domain generation algorithms (DGAs).
And all the time saved by eliminating manual configurations can be used for investigating
incidents. Using our real-time, Google-like access, you can pivot from one domain to many
related IP addresses, autonomous systems, and co-occurring domains. Access a massive
passive DNS database to see historical data about domains.
For a free trial or more sales information, contact our team:
1-877-811-2367 | www.opendns.com