Welcome to the final EclecticIQ newsletter of 2018!
As a year comes to an end, security vendors love to peek into their crystal balls and make predictions for the coming year. We are no different and have dedicated an entire report to it in which we'll take a look at threat trends we're expecting for 2019 - and look back at some of the prominent trends that emerged over the past 12 months.
In addition, we'll reflect on how 2018 has been for us as a company. We've added new integrations to our Platform, launched new Fusion Center products, significantly grown our staff and expanded our reach to new regions.
Firstly, a few words from our CEO Joep Gommers on what 2019 holds for EclecticIQ:
December is filled with many traditions. The most prominent one in the security space is predictions on coming threats. But before we look at what we think is coming in 2019, we took a moment to reflect on what vendors believed were going to be the hot topics in 2018 to see if those predictions were correct.
The EclecticIQ integrations train keeps on rolling, delivering a steady stream of new and updated integrations right up to the holiday season. In Q4 there were 13 new integrations released as well as over 50 updates and fixes to existing ones, plus 3 Integration Apps.
The integrations are a mixture of feeds and enrichers. To give you a flavor of what has been released, here are a couple of highlights.
As a leading provider of industrial control systems cybersecurity, the Dragos threat detection and response platform codifies decades of real-world experience in advanced threat analytics. It provides operational and information technology practitioners unprecedented visibility and prescriptive procedures to respond to adversaries in the industrial threat landscape. Through the integration with EclecticIQ Platform, Threat Intelligence Analysts now have access to relevant reports, Indicators, Threat Actors, TTPs and observables that Dragos provides for this unique threat landscape.
• Intel 471 Malware Intelligence
Intel 471's Malware Intelligence provides high fidelity and timely indicators with rich context. It enables organizations to immediately block and gain understanding of crimeware campaigns as soon as cybercriminals carry out attacks. This intelligence aids threat detection, incident response, hunting, as well as threat intelligence use cases within SOCs, security and incident response teams. EclecticIQ's Platform integration supports the ingestion of Malware Intelligence reports, TTP information, file and network-based indicators, all mapped to MITRE ATT&CK.
Check out our integration page for an overview of all our integrations. We update the page as we add new ones to our ever-growing catalog.
What’s an ideal present for a CTI Manager or SOC Director for the upcoming seasonal holidays? How about a single curated source of relevant CTI from leading global suppliers?
We have 5 Intelligence Bundles – each centered around a specific intelligence requirement:
Depending on how you want to process the fully-fused threat intelligence, for each of the bundles you can select one or multiple options:
With this option, you receive STIX-compatible intelligence relating to – for example – threat actors, their intrusion sets and associated campaigns and TTPs.
The intelligence you receive has been processed and curated by EclecticIQ Fusion Center. It includes our analysts’ insights into incidents within the cyber landscape, providing you with context and a level of response. Structured intelligence is delivered either as STIX 1.2 over TAXII 1.1 or as EclecticIQ JSON over TAXII 1.1.
This option gives you a dual report stream: Digests and intelligence reports.
Digests are headlines and summaries of relevant events in the last reporting period.
Intelligence reports are real-time, in-depth updates on the latest intelligence findings. These comprehensive reports contain a full list of related entities, including indicators and qualitative analysis from our experts. They are published as soon as they are completed. Reports are delivered via HTML email.
Digests: once per business day
Intelligence reports: real-time
The blacklist option provides Security Operations Centers (SOCs) with a stream of high-confidence malicious observables from across our sources that can be leveraged as part of a network defense capability with minimal validation or qualification.
These blacklists can be directly fed into your IT Security Controls in line with your policies and processes. The blacklists are made available to download in a CSV or CEF format.
For more information about the EclecticIQ Fusion Center Intelligence Bundles, visit the Fusion Center page.
Finally, some useful links and videos to improve your understanding of Threat Intelligence and EclecticIQ.
We have a lot more to share! Our blog holds valuable content and is a good place to deepen your knowledge in everything related to CTI. Topics you will find interesting include: ACH, STIX, GDPR and more.
We also publish vulnerability trend reports and situational awareness reports to keep you up to date.
Make sure to subscribe to our blog to receive a notification as soon as new posts appear.
Best wishes for a happy new year!