EclecticIQ Newsletter Q2-2018

Personally identifiable information (PII) becomes a crucially valuable asset for businesses under GDPR.

PII needs to be protected even more effectively than before and companies can face considerable fines for non-compliance. And for those which suffer a security breach, the need to report such incidents can damage reputations.

The question is: does the heightened need to protect PII make it an even more appealing target for hackers?

Meanwhile, the stricter GDPR limitations on access to WHOIS data make it even harder for threat intelligence analysts to obtain the information they need to continue their investigations. This means analysts must adopt a new approach to investigations.

EclecticIQ senior intelligence analyst Caitlin Huey explains how to work within the new GDPR restrictions.


GDPR due diligence recap

We feel confident there isn’t much that we can tell you about GDPR that you haven’t heard already. However, now the dust has settled we thought it would be a good exercise to look back at the pre-GDPR days. Join us on a quick walk-through on some of our due diligence activities and compare your experience to ours.

Quiz – Which statement about GDPR is correct?

Correct: data controller and data processor (see GDPR, chapter 4).

Risky Biz Soap Box: Kill your own meat with EclecticIQ

Listen to the Soap Box episode #13 on Risky Business, published weekly since 2007. This time, Patrick Gray interviews our CEO Joep Gommers to wrap his head around Threat Intelligence.

Product News

EclecticIQ Platform 2.2 is scheduled to be available at the end of June 2018. We are very excited about what’s in it so we’re giving you a sneak peek.

Sneak peek into EclecticIQ Platform release 2.2

The release includes further improvements for managing user authentication and enhanced upgrade procedures.

With the user authentication feature, we are making it easier to tie the management more closely to the customer’s specific company policies, and we are allowing users to self-service with a password reset feature.

From release 2.2, upgrades become easier. The current restriction to install the intermediary releases has been removed, and virtual machines can be upgraded with a single command!

Why not give it a go? Just get in touch with your customer success team representative and schedule an upgrade to release 2.2.

Another big change in release 2.2 is how our documentation is created and delivered to you. From this release, documentation will be available to the user both inside EclecticIQ Platform and via the support portal.

This lets you give feedback directly on the documentation, access documentation for multiple versions of the platform, and get a better reading experience inside the platform.

Integrations galore!

We have 10 new integrations planned for release this quarter. This is in addition to nine updates for existing integrations. Yes, our development team has been very busy.

The release will include SIEM integrations and feeds as well as enrichers. It’s hard to pick which of the new integrations to highlight as they all add value in their own unique way.

But we think RiskIQ is worth a special mention. RiskIQ manages digital risk for organizations and we’re extending the catalog of supported services. With the planned functionality, EclecticIQ Platform users will be able to surface typo-squatting or brand-infringing domains, as well as phishing or blacklisted content.

In addition to this integration, there is also Cisco Umbrella, NSFocus, Symantec DeepSight Intelligence Datafeeds and VirusTotal Private API, to name a few.

Check out our website for an overview of all our integrations. We update the integrations page as we add new ones to our ever-growing catalog.


Upcoming events

30th Annual FIRST Conference

June 24, 2018 • Conference • Kuala Lumpur, Malaysia

Meet us in Kuala Lumpur, Malaysia, at the 30th Annual FIRST (Forum of Incident Response and Security Teams) conference.

Threat Intelligence overhyped?

July 11, 2018 • Seminar • New York, United States

Get your free seat for our first New York City get together, with speakers from OASIS and EclecticIQ (RSVP required).

Borderless Cyber USA 2018

October 03, 2018 • Conference • Washington, D.C. USA

Meet us in Washington D.C., for the yearly OASIS conference, jointly organized with Georgetown University and The World Bank.

New in our team

Jo Wall

Product Marketing Manager

Mohamed Nadji Raib

EMEA Account Manager

Marius Voila

Cloud Architect

Andrew Foster

Senior Threat Intelligence Analyst

Ewan Hubac

Product Manager

“As an Integrations Product Manager, I make sure threat intelligence analysts always have the most relevant and most up-to-date, actionable data. This data, combined with their expertise, helps them forecast cyber attacks and keep their organizations safe.

Over the last 10 years, my curiosity and taste for challenge led me through various roles and places, ranging from cold data center alleys to hedge fund trading floors.

I'm an avid traveler and language enthusiast, I've played guitar at a professional level, and enjoy spending my free time practicing Muay Thai and playing competitive video games with my friends.”

Hey, we’re hiring!

Our rating on Glassdoor

Resources

EclecticIQ Fusion Center Report: Possible APT33 Return Adds to Uptick in Iranian Activity

Threat Intelligence Report

In the same week as spotting fresh Intrusion Set: Greenbug activity, EclecticIQ analysts have observed a number of malware samples in the wild from fellow Iranian espionage group Intrusion Set: APT33.

Download report and STIX entities

EclecticIQ Report: Targeted Attacks Against Russian Service Center

Threat Intelligence Report

Fortinet reported on a series of attacks targeted at service centers in Russia. The service centers provide maintenance and support for a variety of electronic goods.

Download report and STIX entities