By Mark Huijnen, Product Marketing Manager
The latest version of EclecticIQ Platform, our analyst-centric cyber threat intelligence platform, is here.
Release 2.7 pushes the platform forward in ways that benefit both analysts undertaking investigations and system admins responsible for keeping the system secure, compliant and running smoothly.
You can watch a full rundown of features in this quick tour video from the team or continue reading for an overview.
Walk-through video of EclecticIQ Platform 2.7 features
Improved user experience for the analyst
The previous release of the platform (2.6) focused entirely on the analyst user experience. It contained many changes to the search engine and the graph, which are essential day-to-day tools for analysts. With 2.7, we continue down that UX path and introduce two additional features to the search engine and the graph to save analysts time.
First, we added Search Autocomplete, which is especially useful if you’re new to the platform. Search Autocomplete helps users create advanced search queries by offering suggestions based on their input. You can now start to assemble advanced search queries quickly without having to master complex syntax, memorize fields and values, or rely on others for help.
Platform 2.7 search autocomplete
Second, analysts can now create new entities and multiple relationships directly on the graph. You no longer have to navigate away from the graph to add intelligence. Consequently, you stay in context, with less context switching. That means you can enjoy a more intuitive way of working and draw in new information from prior intelligence while investigating a threat. (Please note: this feature is still in beta and will be hidden from your users by default.)
Platform 2.7 create intelligence on graph entities beta
Better data management
But one of the best features in this release is buried under the hood. With data-ingestion streams growing every day, we have upgraded the platform’s data-ingestion engine.
This is more than just a simple update; this is the first step of a complete overhaul that we will continue to build on in future releases. We’ve even given it a name: quuz (hint: it’s pronounced like “queues”).
quuz is a flexible, transactional, database-backed task queue library that functions as a traffic controller for new incoming data. The main benefit it delivers with this release is vastly improved feed isolation. Incoming feeds do not interfere with one another, which greatly reduces the risk of deadlocks.
In addition, we improved support for implementing a data retention policy to handle private data prudently and support compliance with legal or regulatory requirements. System administrators could already automatically delete private data from their databases by defining rules based on entities. Now they can also define rules based on observables. This means you can target data more precisely and get more control over the data that is stored in your platform.
Platform 2.7 improved data retention policy support
Foundational advancements
Finally, release 2.7 contains a number of changes to the platform that enhance its overall software capabilities.
First, we have implemented support for Access Control Lists in graphs. This allows analysts to store and share graphs without exposing restricted data to unauthorized parties. Restricted data will not be exposed to users who are not supposed to see it, but they can still use the intelligence that is available.
Second, the platform now supports Two-factor Authentication, which is important when you are granting users access from the open Internet. Two-factor Authentication allows system administrators to strengthen user authentication with a second factor using the Time-based One-time Password algorithm. This enables users to quickly and securely log in with a dynamic password generated by a smartphone app. As a result, your platform remains secure even if user credentials are compromised.
Platform 2.7 two factor authentication
Last, in our quest to develop the world’s most analyst-friendly threat intelligence platform, we need to understand the joys and pains of real users. And the sooner we get your feedback, the better. That’s why the platform now comes with a Beta Feature Toggle. This allows system administrators to give users early access to selected features we are working on before they are officially released. Your users can safely test new features and give us valuable feedback without having to deploy a separate testing environment.
Want to know more?
If you would like to learn more about this release or find out how EclecticIQ can strengthen your cyber defenses, please get in touch.