Bringing the contextual semantics of open source cyber surveillance to enterprise cyber defense
Real-time threat intelligence about the ecosystem used in cyber attacks (botnets, intrusions, phishing scams, spam campaigns, malware delivery, and Distributed Denial of Service attacks) provides a rich repository of big data for harvesting. Our semantic technology for the cyber domain connects the dots and interprets the risk for your organizational profile. If your firm is developing a critical technology for national defense, our solution pinpoints the cyber attacks targeting your organization based on the attributes of your firm and what is going on in the wild right now. Our Threat Intelligence Knowledge Base contains current and historical intelligence on millions of suspicious entities such as domain names, nameservers, and IP addresses. The knowledge base contains not only the facts about the individual domain and IP address namespace entities but also the relationships among the malicious entities (e.g. the use of the same infrastructure in different cyber attacks). Our knowledge base aggregates open source data feeds, continuously monitors the information in real-time, and scores the malicious entities by their behavior and organizational targets using semantic analysis.
What are the benefits of our semantic cyber defense solution?
- Semantic knowledge management: Our solution provides intelligence not only about the individual entities but also about the semantic relationships between the malicious entities and their targets. Ecosystem entities reused by the adversary are instantly analyzed for in-depth threat understanding.
- Semantic inference: Our solution actively monitors the domains in malicious data feeds, computes the malicious intent scores based on various indicators and cross correlates the results with passive DNS monitoring while matching the target attributes to those for your organization.
- Real-time: It detects botnets used for malware delivery, phishing attacks, and spam campaigns within minutes, providing near real-time analysis, and the early detection enables your organization to avoid incurring damage from a malicious attack.
- Early warning: It provides early warning about entities by analyzing the relationship of a monitored entity's attributes to those of known malicious actors. Our solution derives the evidence from the knowledge graph of the ecosystem.
- Scalability: Our solution is based on triple stores that have been deployed to handle billions of facts. In addition, our ontology-based approach grows easily with the domain knowledge, in contrast to a static relational schema. We have developed various tools, including tools for managing the growth of ontology classes, properties and instances.
- Evidence based: Our reputation scores are based either on the malicious behavior of a monitored entity or on its relationship with other malicious entities. The evidence can be reviewed by the analyst or programmatically integrated into IS applications through the available API.
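To illustrate the relationship-based scoring described in the knowledge management and evidence points above, here is a small added example (not the vendor's code) that stores infrastructure facts as triples and scores an entity either from its own observed behavior or from infrastructure it shares with behavior-flagged entities, returning the evidence chain with the score. All domain names, IP addresses, nameservers and the `shared_weight` value are constructed sample values.

```python
"""Toy knowledge graph of attack infrastructure: score an entity from its own
malicious behaviour or from infrastructure shared with known-malicious entities,
keeping the evidence an analyst can review. All data below is constructed."""
from collections import defaultdict

# Constructed (subject, predicate, object) facts in the style of a triple store.
TRIPLES = [
    ("bad-login.example", "hasBehavior", "phishing"),
    ("bad-login.example", "resolvesTo", "192.0.2.10"),
    ("bad-login.example", "usesNameserver", "ns1.example.net"),
    ("spam-sender.example", "hasBehavior", "spam"),
    ("spam-sender.example", "hasBehavior", "malware-delivery"),
    ("spam-sender.example", "resolvesTo", "192.0.2.10"),
    ("new-site.example", "resolvesTo", "192.0.2.10"),  # no behaviour seen yet
    ("new-site.example", "usesNameserver", "ns1.example.net"),
    ("clean-site.example", "resolvesTo", "198.51.100.7"),
    ("clean-site.example", "usesNameserver", "ns.clean.example.org"),
]
INFRA_PREDICATES = ("resolvesTo", "usesNameserver")

def build_index(triples):
    """Forward index subject -> predicate -> objects, plus a reverse index
    mapping each infrastructure object to the subjects that share it."""
    fwd = defaultdict(lambda: defaultdict(set))
    rev = defaultdict(set)
    for s, p, o in triples:
        fwd[s][p].add(o)
        if p in INFRA_PREDICATES:
            rev[o].add(s)
    return fwd, rev

def behavior_score(entity, fwd):
    """Direct evidence: one point per distinct malicious behaviour observed."""
    return len(fwd[entity]["hasBehavior"])

def score_entity(entity, fwd, rev, shared_weight=0.4):
    """Reputation = direct behaviour score + weighted score of every
    behaviour-flagged entity that shares an IP or nameserver with it.
    Returns (score, evidence) so the verdict is reviewable, not a bare number."""
    evidence = [f"behavior:{b}" for b in sorted(fwd[entity]["hasBehavior"])]
    score = float(behavior_score(entity, fwd))
    for pred in INFRA_PREDICATES:
        for infra in fwd[entity][pred]:
            for neighbor in rev[infra] - {entity}:
                direct = behavior_score(neighbor, fwd)
                if direct:  # only flagged neighbours contribute
                    score += shared_weight * direct
                    evidence.append(f"{pred}:{infra} shared with {neighbor}")
    return round(score, 2), sorted(evidence)
```

Here `new-site.example` has no behaviour of its own yet still scores 1.6 purely from the IP and nameserver it shares with flagged domains, while `clean-site.example` scores 0 with no evidence.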