Our Threat Intelligence Services generate, aggregate and distribute real-time feeds of intelligence data, both internally generated and derived from third-party data.
The SWORDFISH Threat Intelligence provides intelligence and reputational data feeds in multiple forms (IP Addresses, Domains, URLs, Emails, ASNs) focusing on a centralized up-to-date repository of OSI proprietary intelligence data, commercial, free and open source feeds. Additionally, the service is supplied with technology that can be used at client premises to collect and process focused intelligence related to the Client's business.
The sources constituting the Threat Intelligence include:
- OSI proprietary intelligence acts as a reputational source, based on OSI Security Operations Centers' day-to-day research, analysis and classification operations.
- SIEM Based Reputation: By monitoring multiple and diverse environments and industry sectors, OBRELA extracts the correlation intelligence and transforms it into proprietary feeds.
- Dynamic Malware Analysis: Through automated or manual identification of candidate malware downloaded in monitored networks, the Malware & APT Analytics system dynamically executes the malware, solidifies its nature and extracts intelligence based on the interactions it performs with the system and the network. Additionally, the Malware Analysis environment is constantly trained with new malware whose signatures enrich the Threat Intel database.
- Commercial Feeds are also aggregated and deduplicated in order to promote and deliver a centralized intelligence repository of “legally-disclosed” commercial sources at a reduced cost.
- Free and Open Source feeds are regarded as powerful sources due to community and open-research dedication to identifying the latest and up-to-date threats targeting the internet. These lists are validated, deduplicated, prioritized and distributed.
- Web Scraping: Our 24x7x365 security analysts constantly monitor web resources including RSS Feeds / Blogs / Crowd-sourced Platforms / Security & Intelligence Reports for actionable data and scrape the content to enhance the list with valuable zero-day intel.
The Threat Intelligence framework is designed to work seamlessly with any IS Technology that is capable of performing monitoring or blocking control against known indicators. OBRELA can provide alternative methods to access the data, such as SFTP, API, HTTPS, etc.