EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

A Rich Threat Intelligence Platform (TIP) – Fusion Center Analysts on Their Favorite TIP Features

Aleksander W. Jarosz February 15, 2019

By Aleksander W. Jarosz, Fusion Center Analyst 

Our Fusion Center analysts are heavy users of EclecticIQ Platform and know the product inside out. Threat Intelligence analyst Aleksander W. Jarosz talked to his Fusion Center colleagues to find out about their favorite platform features.

“The IT community is confronted with incidents of all kinds and nature; new threats appear on a daily basis. Fighting these security incidents individually is almost impossible. Sharing information about threats among the community has become a key element in incident response to stay on top of the attackers. Reliable information resources, providing credible information, are therefore essential to the IT community, or even at broader scale, to intelligence communities or fraud detection groups.”

(Abstract from ‘MISP - The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform’, Cynthia Wagner et al., https://github.com/MISP/MISP)

Threat intelligence practices promise to become a cornerstone of the IT security landscape. Good threat intelligence begins with adopting strong practices and following a strong data model. Analysts need a robust software package to provide a dynamic workspace to enable them to bring together disparate information into an effective structure that yields larger patterns. It is this software that provides the means to express intelligence patterning and allows EclecticIQ to make predictions about the threat landscape.

EclecticIQ Platform allows Fusion Center analysts to rapidly structure and link pieces of intelligence into more coherent data. The TIP combines source feeds that comprise the latest threat intelligence from a plethora of producers and aggregators. The EclecticIQ TIP includes core features that allow analysts to maintain and shape threat intelligence data in a way that adds substantial value. From a Fusion Center point of view, it allows our analysts to connect additional data that reveal larger trends and patterns to clients. In turn, our customers are able to be more reactive and adopt an advanced posture in mitigation and response to the myriad threats they face.

Here are some of the core features of the EclecticIQ TIP that Fusion Center analysts enjoy using to amalgamate intelligence:

> An SDK that allows analysts to customize and extend features of the platform

The backbone of the TIP includes software that allows analysts to drill down to specific entities and build out new features on demand. This adaptability helps analysts evolve with the threat landscape and customize features as threat intelligence becomes more complex.

> Ability to visualize intelligence and relationships between multiple sources, threats and attack patterns

Threat intelligence data is only as good as what you can do with it. Along with the ability to present granular data to clients, the TIP provides a visual web of entities and how they are connected. Clients can use this to walk through the connections (path-walk) between different threats, threat actors and malicious infrastructure. This provides a strong way to visualize the data. Having this visual representation is a powerful tool for uncovering patterns and the larger structure within malicious incidents. This helps analysts understand the complex interrelated nature of the threats faced by clients.

Figure 1. Relationships of activity within Magecart.

> The ability to perform an investigation and report entirely within the platform

Analysts can fuse and create data within the platform. Fusion Center analysts create data through their own investigations into security incidents, attack patterns, malware behavior and more. New entities or information added to existing entities provide extra value to our clients. Proprietary intelligence gained through investigations enhances client knowledge around cyber threats and improves their security posture. The TIP is highly integrated and allows analysts to perform investigations and threat hunting by pivoting between multiple sources and enrichments (like WHOIS data, results from VirusTotal, GeoIP data, etc.). Analysts can then use the results from these to further enrich the intelligence and provide clients with an extra edge. Staying within the TIP to create, write and edit a threat intelligence report is a time saver and allows analysts to focus on the quality of the data.

> Dynamic datasets and filters based on nuanced, granular search queries

This feature allows analysts to isolate specific data and filter out the noise. This is crucial as threat intelligence evolves within an increasingly complex structure. It is important to pinpoint the relevant intelligence. Fusion Center analysts like this feature because it allows EclecticIQ Fusion Center to produce more accurate intelligence and filter out false positives. This provides clients with more accurate information on topic-specific areas that they can successfully action.

Figure 2. Drilling down to specific banking trojans delivered within the last month.

> Relationships are automatically enriched further with additional source data 

The ability to automatically add relevant data to new and existing entities is instrumental in adding value to intelligence. This feature allows Fusion Center analysts to pivot off a single specific indicator or entity to discover larger connected infrastructure used by threat actors and malware. The automation is valuable because it enables Fusion Center analysts to focus on the quality of the intelligence.

The above is just a snapshot of the many features that EclecticIQ Platform holds. Yet, as is the case with any software, there are certain features that individual users find more useful. Our mission is to provide an analyst-centric Threat Intelligence platform, so our product development team is interested in receiving feedback like the above from our own analysts.

If you are an analyst using our platform, or any kind of TIP, reach out and let us know what your favorite day-to-day features are.

We hope you enjoyed this post. Subscribe to our blog for more interesting reads on Cyber Threat Intelligence or check out our resource section for whitepapers, threat analysis reports and more.

© 2014 – 2024 EclecticIQ B.V.
EclecticIQ. Intelligence, Automation, Collaboration.