What our customers love
Our uses of the CTI
Analysis and investigation platform
Our cyber intelligence platform, built on OpenCTI, provides security experts with a comprehensive view of attack indicators and malicious actors. This consolidated global perspective helps accelerate investigations and enables quick and easy assessment of the threat landscape. By contextualizing various threats, our platform enables a better understanding of the situation, leading to more effective responses.
Global abstract for both
Our two approaches are distinguished as follows:
On the one hand, by providing global cyber intelligence information (OpenCTI) combined with indicators of compromise (IoC):
– indicators of compromise (IoC): SHA1, IP, Domain
– arsenal, techniques and threat activities (APT) consolidation
– sectoral and regional consolidation
On the other hand, the flow of information allows transformation and direct use in a complete cyber ecosystem:
– threat blocking (IP and Domain blacklist)
– contextualisation and enrichment
– automatic creation of rules (Yara)
Benefits of a CTI solution
LastInfoSec, Gatewatcher's CTI technology, continuously checks and evaluates data sources accessible across multiple channels (social networks, specialised sites, darknet and deep web) to collect indicators and early signs of compromise. Because this data is enriched and contextualised to your activity, the analysis time of a threat upon its detection is significantly reduced.
LastInfoSec facilitates fast and informed decision-making for your operational security teams. It significantly reduces their analysis and reaction time in the event of an incident without modifying internal processes, and the time saved can be channelled into more qualitative coverage of alerts.
LastInfoSec consists of a library of several million indicators of compromise (IoC). Its automated collection, analysis and correlation engines ensure that threat information is available on average 24 hours prior to competitors, with more than 5,500 new markers validated and enriched every day.
Because our data is already enriched and contextualised, only relevant alerts that include all necessary information are generated. False positives from your existing solutions or third-party threat intelligence sources are also reduced by converging with our CTI feed.
Structuring of cyber intelligence
The use of a standard such as OpenCTI allows rapid deployment and daily usage by multiple SOC experts.
An exhaustive number of threats covered
The collection of raw data across a broad spectrum guarantees relevant monitoring of threat trends (APT).
Automatic creation of signatures
The industrialisation of detection rules protects our AIONIQ customers at the earliest opportunity against the latest attack techniques (CVE exploitations).
Automatic qualification of indicators
Automatic submission of indicators from your detection solutions (IDS, NextGen Firewall, EDR, SIEM, SOAR, Sandbox) allows complete contextualisation and rapid remediation.