Características de SOCRadar Extended Threat Intelligence

Orchestration (3)

Asset Management: Lets users group and organize their endpoints to gather threat intelligence on specific technologies.
Security Workflow Automation: Reduces the need for IT and security professionals to iterate repetitive tasks associated with gathering threat information.
Deployment: The process in which users integrate their existing security systems and endpoints to the threat intelligence platform.

Proactive Alerts: Prior to security incidents, the product will alert users when a new, relevant vulnerability or threat is discovered.
Malware Detection: Provides multiple techniques and information sources to alert users of malware occurrences.
Intelligence Reports: The ability for users to produce reports outlining detailed and personalized threat information

Endpoint Intelligence: Analysis for users to examine threat intelligence data specific to their endpoint devices.
Security Validation: The product has a recurring examination process to update your intelligence reports as new threats emerge.

Reseller Database: Provide a database or authorized and unauthorized resellers
Monitoring: Monitor online product and pricing information
Violations: Identify pricing or brand policy violations

Monitoring - Deep Web: Monitors select keywords on the deep web, which are non-indexed parts of the internet not available on the surface web.
Monitoring - Dark Web: Monitors select keywords on the dark areas of the web, which are only accessible via Tor and I2P, such as illicit marketplaces and dark forums.
Analysis: Provides context around identified information, including historical threat data, threat location data from geotags or inferred data, threat actors names, relationships, URLs, and other relevant information to conduct further investigations.
Ticketing: Integrates into ticketing or CRM platforms via API integrations.
Simple Search: Search through real-time and historical data without using technical query language.
Leak Source: Provides additional context and analysis to help identify the source of leaked information.
Centralized Dashboard: Offers a centralized dashboard to monitor, collect, process, alert, analyse and search through data flagged by the software.
Real-Time Alerts: Enables real-time alerts and reporting through push notifications in a mobile app, email, or sms alerts.

Gap Analysis: Analyzes data associated with denied entries and policy enforcement, giving information of better authentication and security protocols.
Vulnerability Intelligence: Stores information related to common vulnerabilities and how to resolve them once incidents occur.
Compliance Monitoring: Monitors data quality and sends alerts based on violations or misuse.
Continuous Monitoring: Aggregates real-time updates and historical data from multiplate internal and external data sources to support ongoing proactive threat response.

Asset Discovery: Detects new assets as they enter cloud environments and networks to add to asset inventory.
Shadow IT Detection: Identifies unsanctioned software.
Change Management: Provides tools to track and implement required security policy changes.

Risk-Prioritization: Allows for vulnerability ranking by customized risk and threat priorities.
Reconnaissance: Gathers information about the system and potential exploits to be tested.
At-Risk Analysis: Uses machine learning to identify at-risk data.
Threat Intelligence: Stores information related to common threats and how to resolve them once incidents occur.

AI Text Summarization: Condenses long documents or text into a brief summary.
AI Text Summarization: Condenses long documents or text into a brief summary.
Generate Attack Scenarios: Use AI to propose possible threat actor tactics, techniques, and procedures against specific environments or assets.
Generate Threat Detection Rules: Use AI to automatically create detection rules based on observed patterns.
Generate Threat Summaries: Use AI to produce concise summaries of complex threat reports or alerts.

Vulnerability Assessment: Incorporates real-time data from various sources to identify potential threats and vulnerabilities.
Digital Footprint Mapping: Creates a digital footprint of an organization's ecosystem to identify exposed digital assets.
Fraud Detection: Identifies and mitigates fraudulent websites, phishing attacks, and other social engineering attacks targeting employees and customers.
Data Leak Detection: Detects sensitive data published on the dark web and other paste sites.
Anti-Counterfeiting: Protects against illegal online sales and counterfeiting.
Brand Protection: Analyzes an organization’s online presence to identify instances of brand impersonation.

Threat Remediation: Outlines clear takedown processes for threats.
Automated Reponses: Implements automated responses to certain types of incidents.
Incident Response Capabilities: Provides resources for a coordinated and efficient response to security incidents, facilitating investigation, containment, and recovery efforts.

Threat Trends Analysis: Offers analytics features to provide insights into digital risk trends and the effectiveness of mitigation strategies
Risk Assessment Reports: Generates reports that assess the overall digital risk posture of an organization. Reports may include an analysis of the identified threats and vulnerabilities.
Customizable Dashboards: Offers dashboards that can be customized based on the key performance indicators of an organization.

Autonomous Task Execution: Capability to perform complex tasks without constant human input
Multi-step Planning: Ability to break down and plan multi-step processes
Proactive Assistance: Anticipates needs and offers suggestions without prompting
Decision Making: Makes informed choices based on available data and objectives