Huntsman Threat Intelligence delivers advanced threat protection by enabling organisations to interpret events in the context of known threat fingerprints or profiles, automatically, and in real time.
Huntsman sources threat intelligence from:
- External sources – a public or commercial list of compromised websites or botnet members
- Community-based sources – such as a CERT service or an industry body
- Localised and specific sources – based on either known risk factors; sensitive systems, users or networks; or specific actionable intelligence sources
- Contextual sources – such as ongoing investigations or other systems.
So, rather than simply mirroring “siloed” external sourced information, Huntsman ingests external threat intelligence together with internal observations to automate the analysis of the broader threat information for richer situational awareness and event contextualization. This delivers unparalleled real-time clarity about indicators of compromise and threats, their severity and likely impact – and significantly improves the quality of incident response and security decision-making.
Your enterprise will benefit from:
- Reduced time to threat resolution – Huntsman analyses and triages the relevant information to contextualise and validate genuine alerts and eliminate false positives
- More accurate, real-time detection of security incidents – Huntsman enables new threat intelligence information to be correlated with internal events
- Improved threat analytics; determination of the meaning, significance, relevance and severity of alerts – Huntsman gives an operator greater situational awareness and better information for informed incident response
- Faster decision-making – Huntsman automates the collection and analysis of threat information without requiring manual data gathering and analysis
- Dynamic awareness between internal systems, real-time threat detection controls and localised ‘threat context’ – Huntsman enables real-time detection and diagnosis of attacks that traverse the ‘kill chain’
- Reduced risk – Huntsman reduces losses from incomplete or non-current threat intelligence during the detection, investigation or resolution processes.
- Automated threat analysis process that uses a range of information sources and data types
- Vendor-neutral capability to collect intelligence from the widest choice of commercial and other sources
- Creation of feedback loops from Huntsman alerts to enable any new threat information to automatically update internal rule sets for the future detection and alerting of known infections, or to detect changed patterns of misuse across systems or a user population
- Modelling of user and asset risk and sensitivity to drive detection, diagnosis and incident response.
The Huntsman Threat Intelligence add-on will enhance the following Huntsman products: