Advanced Threat Intelligence
Nuspire’s NuSecure Advanced Cyber Threat Intelligence is a blend of technical, tactical, operational, and strategic cyber threat intelligence that is available only to devices enrolled in the Cyber Threat Monitoring service.
Technical Cyber Threat Intelligence
NuSecure's Technical Cyber Threat Intelligence is created through a proprietary blending, prioritization, and validation of social feeds, commercial feeds, and the aggregated information received from tens of thousands of diverse security manufacturers' devices deployed around the world.
As a global Managed Security Service Provider (MSSP) and cloud Security Information and Event Management (SIEM) provider, Nuspire has tens of thousands of diverse NextGen and UTM firewall appliances that feed billions of security, context-rich log events into the NuSecure SIEM solution every day. Many of the manufacturers’ devices that feed these security-rich metadata logs into the SIEM are active members of the Cyber Threat Alliance.
Automated methods are used to collect IP reputation information, which indicates that a lower level of trust should be applied to addresses that are not specifically known to be malicious. This information is combined with other alert methods to build correlated events that prompt Nuspire's Security Operations Center (SOC) engineers to investigate the communications. The continuous feed of actively updated security log metadata, existing IP reputation data, known Command and Control (C&C) networks from cybersecurity threat feeds, known compromised internet addresses, and even threat intelligence from the Darknet (beyond the surface web) all combine in the NuSecure big data SIEM for normalization, correlation, and aggregation. Once the data is combined and ranked according to proprietary techniques, big data infrastructure is used to provide real-time analytics and alerts on the stream of logs received.
Tactical & Operational Cyber Threat Intelligence
NuSecure's Security Analytics Team (SAT) members follow industry-specific trends, security issues, government intelligence, and other deep Internet data sources that could affect customers. The research is used to further tune alerts and algorithms. Tactical threat intelligence is used to track threat actors and help predict attacks through their techniques and procedures. Operational threat intelligence is used when actionable intelligence of a pending attack on a customer or industry is discovered. Discovery of tactical and operational threat intelligence issues that affect monitored devices generates tickets for review and discussion with the partner through the trax™ ticketing system.
Strategic Cyber Threat Intelligence
NuSecure's SAT provides informational notices through the trax™ portal about high-level security issues faced by a multitude of industries, technologies, and organizational sizes. This information can be used by executives and their boards to help guide an organization in reducing cybersecurity risk for the long term.
This blending of real-time, third-party security intelligence (identified by devices placed all around the globe), databases of poor-reputation or compromised hosts, advisories and bulletins drawn from active FBI investigations of cyber threats, and NuSecure's own security research represents the NuSecure Advanced Cyber Intelligence. Once the intelligence is combined and ranked according to proprietary techniques to normalize, correlate, and aggregate it, big data infrastructure is used to provide real-time analytics and alerts on the stream of logs received as part of the CTM service.