SOC Series: Threat Intelligence Exactly When & Where You Need It

SOC Series Oct 07, 2020

Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases; demonstrating how Polarity enables you to see the story in your data without sacrificing thoroughness or speed.

Threat Intelligence for intelligence sake is just interesting. Analysts struggle to apply curated Threat Intelligence during event and incident analysis because relating this data to a specific event is extraordinarily time consuming.  A targeted attack by an Advance Persistent Threat is orders of magnitude more difficult and costly to remediate. Critical information about APT tradecraft is rarely available consistently to analysts in the SOC.

Capabilities:

  • Polarity injects Threat Intelligence data directly into the analysis workflow.
  • Curated Threat Intelligence feeds from external and internal TI feeds are presented in real time at the point of analysis:
    • ThreatConnect
    • ThreatStream
    • Internal Threat Team Analysis and Databases
Screenshots from the Polarity Platform's Heads Up Display.

Noticed the highlighted text in the above images. You can see that Polarity's computer vision recognized the text on screen, and in real-time while the analyst is working, it has provided contextual information for the highlighted data in the Overlay Window. This contextual information has been pulled from a variety of Polarity integrations, including FireEye, MISP, ThreatConnect, X-Force Exchange and  Pulsedive, allowing the analyst to immediately see how they could potentially resolve the issue.


To be useful to an analyst for triage and potential battle damage assessment of activity they are investigating, curated threat intelligence needs to be relevant to event data.  Polarity brings several Threat Intelligence platforms into the Polarity HUD (Heads up Display), dynamically providing truly useful threat intelligence for SOC operators.  Threat Intelligence that has to be mined is too time consuming to be pragmatically applied on the fly. Polarity changes that paradigm dramatically.

A close up of a logo

Description automatically generated

Real time Threat Intelligence in Polarity has several benefits including:

  • Analysts are in a much better position to see if activity they are analyzing has the ear marks of a targeted attack.  Are they looking at commoditized e-crime or a campaign against them?
  • Threat Intelligence applied by one analysts can be applied across the entire SOC team.

What Next?

Get your Polarity Community Edition today, or register for a free Jam Session with Polarity’s resident SOC expert, Terry McGraw.

Register now for a special Community Tech Training midway through the SOC Use Case Series, where Terry will share the top 3 use cases covered in our SOC blog series, as well as a preview of the final 6 posts in the series.

Meet the expert: Terry McGraw

Background: Terrence “Terry” McGraw is a retired Lieutenant Colonel from the United States Army and now serves as the President and principal consultant, of Cape Endeavors, LLC, with over 20 years of providing expertise in cyber security architectural design and operations in both commercial and government sectors.

Terry previously served as the Vice President of Global Cyber Threat Research and Analysis for Dell SecureWorks and President of PC Matic Federal.  He retired from the United States Army in 2014 completing 27 years of service; the last 10 years of his Army career were leading key Cyber initiatives for the Army’s Network Enterprise and Technology Command, Army Cyber Command and the National Security Agency (NSA). He has multiple combat tours with his culminating assignment, serving as the Director of Operations, Task Force Signal Afghanistan, 160th Signal Brigade (FWD), providing all strategic communications infrastructure in the theater of operations.


Education: BA in History, MSA in Information Systems Engineering, and a graduate of the prestigious US Army School of Information Technology’s Telecommunication Systems Engineering Course.


Relevant Experience: Terry’s work in the Army leading and operating some of the world’s largest and most complex networks as well as 6 years as Vice President of Global Cyber Threat Research and Analysis for Dell SecureWorks providing managed cyber security services to over 4,000 commercial clients and leading it’s six Counter Threat Operations Centers gives him a deep and broad understanding of the Cyber Threat Landscape.  His entire professional career has been in designing and managing resilient network architectures ensuring the operational readiness thereof.