EclecticIQ Newsletter Q3-2018

Source crafting

So your SOC operation uses threat intelligence on a daily basis, your organization has established a cyber threat intelligence practice and you have a TIP to support your analysts’ work. That’s a great start.

But you may be processing multiple feeds and finding that intelligence from vendor A significantly differs from vendor B. Or perhaps your analysts are having a hard time aligning the content from each feed with your own STIX data model?

Don’t worry: This is where source crafting can help.


A look under the hood - the EclecticIQ Fusion Center data model

You know how seriously we take threat intelligence standards. But STIX is a flexible format that leaves a lot of room for interpretation: the same piece of intelligence can legitimately be modelled in several different ways. That means that two analysts in the same organization can easily produce different representations of the same data.

In this blog post we show you how we agree on data models at EclecticIQ Fusion Center so our analysts can work with different feeds but with a consistent structure.
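To make the interpretation problem concrete, the following added example (written for this newsletter page, not code from EclecticIQ Platform or Fusion Center) shows two constructed STIX 2.0 bundles that carry the same IP address: one vendor ships it as an Indicator pattern with the standard "malicious-activity" label, the other as Observed Data plus an Indicator with its own label vocabulary. A small normaliser maps both onto one in-house record shape so downstream analysts see a single, consistent structure. The vendor names, object IDs, the label mapping and the canonical record layout are all assumptions made for the example; the pattern parser deliberately handles only simple equality comparisons, not the full STIX patterning language.

```python
"""Normalise two vendor renderings of the same STIX 2.0 intelligence into one
in-house record shape (example code; bundles, IDs and vendor names are
constructed for illustration)."""
import json
import re
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample: vendor A models the IP as an Indicator pattern and uses
# the STIX 2.0 indicator-label vocabulary.
VENDOR_A = json.dumps({
    "type": "bundle", "spec_version": "2.0",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [{
        "type": "indicator",
        "id": "indicator--22222222-2222-4222-8222-222222222222",
        "created": "2018-09-01T00:00:00.000Z",
        "modified": "2018-09-01T00:00:00.000Z",
        "labels": ["malicious-activity"],
        "pattern": "[ipv4-addr:value = '198.51.100.7'] OR [domain-name:value = 'bad.example']",
        "valid_from": "2018-09-01T00:00:00Z",
    }],
})

# Constructed sample: vendor B models the same IP as Observed Data and adds an
# Indicator with a vendor-specific label. Both bundles are valid STIX 2.0.
VENDOR_B = json.dumps({
    "type": "bundle", "spec_version": "2.0",
    "id": "bundle--33333333-3333-4333-8333-333333333333",
    "objects": [{
        "type": "observed-data",
        "id": "observed-data--44444444-4444-4444-8444-444444444444",
        "created": "2018-09-02T00:00:00.000Z",
        "modified": "2018-09-02T00:00:00.000Z",
        "first_observed": "2018-09-02T00:00:00Z",
        "last_observed": "2018-09-02T00:00:00Z",
        "number_observed": 3,
        "objects": {"0": {"type": "ipv4-addr", "value": "198.51.100.7"}},
    }, {
        "type": "indicator",
        "id": "indicator--55555555-5555-4555-8555-555555555555",
        "created": "2018-09-02T00:00:00.000Z",
        "modified": "2018-09-02T00:00:00.000Z",
        "labels": ["C2-Server"],
        "pattern": "[ipv4-addr:value='198.51.100.7']",
        "valid_from": "2018-09-02T00:00:00Z",
    }],
})

# Simplification: only "<object-type>:<property> = '<literal>'" comparisons are
# recognised. Real STIX patterns also allow MATCHES, IN, LIKE, AND, FOLLOWEDBY
# and qualifiers, which a production parser must handle.
COMPARISON = re.compile(r"([a-z0-9-]+):([a-z0-9_.]+)\s*=\s*'([^']*)'")

# Assumed in-house label vocabulary: vendor labels are folded onto these keys.
LABEL_MAP = {"malicious-activity": "malicious-activity",
             "c2-server": "c2", "c2": "c2", "command-and-control": "c2"}


def canonical_label(label: str) -> str:
    """Map a vendor label onto the shared vocabulary, lower-casing unknown ones."""
    return LABEL_MAP.get(label.lower(), label.lower())


def observables_from_pattern(pattern: str) -> List[Tuple[str, str]]:
    """Extract (object type, value) pairs from the simple comparisons in a pattern."""
    return [(otype, value) for otype, _prop, value in COMPARISON.findall(pattern)]


def observables_from_observed_data(obj: dict) -> List[Tuple[str, str]]:
    """Extract (object type, value) pairs from an observed-data 'objects' map."""
    return [(o["type"], o["value"]) for o in obj.get("objects", {}).values() if "value" in o]


def parse_ts(value: str) -> datetime:
    """STIX timestamps are RFC 3339 UTC with a trailing Z; fromisoformat wants +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def normalise(bundles: Dict[str, str]) -> List[dict]:
    """Merge several vendors' STIX 2.0 bundles into one record per observable."""
    merged: Dict[Tuple[str, str], dict] = {}
    for source, raw in bundles.items():
        for obj in json.loads(raw).get("objects", []):
            if obj["type"] == "indicator":
                pairs = observables_from_pattern(obj["pattern"])
                labels = {canonical_label(l) for l in obj.get("labels", [])}
                seen = obj.get("valid_from")
            elif obj["type"] == "observed-data":
                pairs = observables_from_observed_data(obj)
                labels, seen = set(), obj.get("first_observed")
            else:
                continue  # other SDOs/SROs are out of scope for this example
            for otype, value in pairs:
                rec = merged.setdefault((otype, value), {
                    "type": otype, "value": value, "labels": set(),
                    "sources": set(), "first_seen": None})
                rec["labels"] |= labels
                rec["sources"].add(source)
                if seen and (rec["first_seen"] is None or parse_ts(seen) < rec["first_seen"]):
                    rec["first_seen"] = parse_ts(seen)
    return [{**r, "labels": sorted(r["labels"]), "sources": sorted(r["sources"]),
             "first_seen": r["first_seen"].isoformat() if r["first_seen"] else None}
            for _key, r in sorted(merged.items())]


def demo() -> List[dict]:
    """Run the normaliser over the two constructed vendor bundles."""
    return normalise({"vendorA": VENDOR_A, "vendorB": VENDOR_B})


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The merge step is where the "source crafting" decisions live: which vendor labels collapse onto which in-house label, which timestamp counts as first seen, and which STIX object types are even considered. Keeping those rules in one place, rather than letting each analyst apply them by hand, is what makes feeds from different vendors comparable.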

Product News

Sneak peek into EclecticIQ Platform release 2.3.0

Can’t wait for the end of September to find out what’s in EclecticIQ Platform 2.3.0? Well, you don’t have to. Here’s a sneak peek as to what’s planned.

The new features revolve around two themes:

  • Collaboration with external parties within the platform
  • Data management

Release 2.3.0 provides enhanced collaboration within EclecticIQ Platform and delegated administrative responsibilities for teams or groups. The enhanced sharing capabilities of workspaces, datasets and graphs ensure that analysts have better control over who can view and collaborate within these features. These features not only improve cooperation among analysts but also give the organization granular control over who can see what, so confidentiality is easier to protect.

With release 2.3.0, data retention management allows system administrators to automatically purge threat intelligence in accordance with your organizational policies. The automated deletion of threat intelligence makes it simpler to remove irrelevant information and only retain intelligence that you need.


Editing a retention policy entity


EclecticIQ Platform Integrations and Apps update

The steady stream of new and updated integrations continues. In Q3 there are seven new integrations planned, as well as eight updates to existing ones and an integration app.

The integrations contain a mixture of feeds and enrichers. To give you a flavor of what is in production, here are a couple of highlights.

  • Kaspersky Threat Intelligence Data Feed
    This integration lets analysts leverage a wealth of threat intelligence data, including TTPs, indicators and observables (via the URL and IP address feeds), across multiple categories of interest such as ransomware, phishing, malicious URLs, IP reputation, malicious files, mobile trojans and botnets.
  • Honeypot.DK
    This niche supplier is a must-have when it comes to knowing about threats related to critical infrastructure sectors, industrial control systems (ICS) and SCADA (supervisory control and data acquisition).
  • Phantom
    This integration is slightly different: no plugin for EclecticIQ Platform is created. Instead, an EclecticIQ Phantom App for the Phantom Security Orchestration tool lets Phantom request information from EclecticIQ Platform and process what it receives.

Check out our website for an overview of all our integrations. We update the page as we add new integrations to our ever-growing catalog.

EclecticIQ Fusion Center Intelligence Bundle update

The beauty of our Intelligence Bundles is that they provide you with a single curated source of relevant CTI from leading global suppliers. We have five Intelligence Bundles, each centered around a specific intelligence requirement.

It’s difficult to pick out just a couple of things to highlight from EclecticIQ Fusion Center as there is so much we could cover. But – to give you a flavor...

Our analysts are continually looking at ways to enhance their way of working. Most recently the research process behind our country and regional intelligence has been improved, which directly benefits customers who receive our Victim-centric bundle. This bundle of structured intelligence provides customers with actionable intelligence associated with data breaches of their organization or targeted against specific regions of interest. As a result of the research improvements, the intelligence you receive is of even better quality than before.

The foundation which underpins all our structured intelligence is what we call Knowledge Mastery. The improvements we have introduced mean that our core intelligence is now STIX 2.0-aligned and the data is of higher quality, both in its structure and in its relationships, with less noise thanks to a significant reduction in uncategorized data. What is even better is that any advancements we make here ripple through everything that we do, so all our customers feel the benefit.


Upcoming events

GovWare 2018

September 18, 2018 • Conference • Singapore

The 27th GovWare conference in Singapore invites cyber professionals, policymakers and innovators to discuss key challenges in establishing a rules-based and norms-based cyberspace.


Borderless Cyber USA 2018

October 03, 2018 • Conference • Washington, D.C. USA

Can you identify and report cyber incidents so you can respond quickly and manage the consequences? Join us in Washington D.C. and learn how to future-proof your cybersecurity strategy.


DerbyCon 8.0 “Evolution”

October 05, 2018 • Conference • Louisville, Kentucky, USA

Join delegates at the eighth DerbyCon, themed “Evolution”, in Louisville, USA. And don’t miss a presentation from EclecticIQ’s Katie Kusjanovic on threat intelligence in theory and in practice.


it-sa 2018

October 09, 2018 • Expo • Nuremberg, Germany

it-sa is Europe’s largest expo for IT security. The exhibition in Nuremberg, Germany, is a unique platform for IT security officers, developers and providers of products and services for IT security.


NIAS18

October 16, 2018 • Symposium • Mons, Belgium

NIAS18 is a three-day event that will see NATO and national leaders, as well as security specialists from across the Alliance, industry and academia, discuss ways of ensuring the protection and resilience of our defenses in the face of unprecedented levels of cyber attacks.


GRF Summit on Third-Party Risk

October 24, 2018 • Summit • Leesburg, VA USA

Meet us at the Global Resilience Federation’s summit on third-party risk. Held in Leesburg, USA, the summit will offer training, education and networking opportunities around the critical cyber and physical security issues facing organizations today.


New in our team

Alisdair McLaughlin

Solutions Specialist

Bartłomiej Kozal

Software Engineer

Stacey McKenzie-Vass

Legal Counsel

Vasilii Mikhailov

Integration Engineer

Jelena Pajin

Project Manager

“Every day in the life of a project manager at EclecticIQ is different. The requirements and challenges that our customers bring to us are very complex and different, so the EclecticIQ team continually tries to find innovative solutions to bring value to our customers. Although the detail changes, my typical day includes what I call 3C3P. This refers to three activities: Communication, coordination and control over three themes: People, projects and products.

On the personal side, I am a very social person, so I prefer working closely with people. I like to spend my free time in nature and enjoy being surrounded by my family and friends.”

Hey, we’re hiring!


Resources

Finally, some useful links and videos to improve your understanding of Threat Intelligence and EclecticIQ.

Unpacking the Threat Intelligence Practice

Join our CEO Joep Gommers as he unpacks the concept of Threat Intelligence Practice.

Threat Intelligence Platforms: The Missing Link Between People and Automation

The Vulnerability Disclosure Process Still Broken

ThreatPost - September 05, 2018

Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

The Register - August 07, 2018

Three months ago, we started the EclecticIQ blog to share intelligence reports from our Fusion Center (such as the Monthly Vulnerability Trends) and to provide insights into complex topics such as how GDPR impacts the work of a threat analyst and the role of a TIP in a SOC.

Don't forget to subscribe to our blog - we'll notify you as soon as new posts appear.

Kindest regards,

Martin Voorzanger
Director of Marketing