Batman and Robin. Peanut butter and jelly. Bernie and his mittens.
Some things just go better together.
Security orchestration, automation and response (SOAR) and threat intelligence platforms (TIPs) are two backbone technologies of every modern security operations team. In fact, Gartner views TIP as one of the components that make up a complete SOAR platform.
(Gartner, “Market Guide for Security Orchestration, Automation and Response Solutions,” 2020, Claudio Neiva, et al., 21 September 2020)
However, life was not always easy for organizations looking to implement SOAR and TIP. One choice was to purchase SOAR and TIP separately and put in the work to integrate the two. The other option was to buy a solution that contained both, but this meant a serious compromise on one of the two, as offerings were often deeply rooted in one but not the other.
This changes today.
We are delighted to introduce ThreatFuse, the first solution that combines best-of-breed SOAR with best-of-breed TIP. ThreatFuse delivers a leading TIP, powered by market leader Anomali, which is deeply integrated with the Siemplify Security Operations SOAR platform. The result? Intelligence-driven security operations has never been simpler or more accessible, no matter the size of your organization.
ThreatFuse is first and foremost a full-fledged TIP, allowing you to input multiple feeds and correlate, deduplicate and score threats. But the real magic happens through the tight integration with the Siemplify SOAR platform. Pre-packaged use cases (available on the Siemplify Marketplace) ingrain threat intelligence into every step of the detection and response process, allowing you to better perform:
1) Event Triage
Aggregated threat intelligence supports event triage and decision-making by determining if an indicator is suspicious and at what severity level. Deep intelligence context is added to events, providing detailed information about associated threat actors and any known campaigns when a malicious threat is discovered.
2) Intelligence-Driven Investigation
Contextual intelligence drives intelligence-based investigations that use associated indicators from an enriched entity to find other relevant indicators of attack.
3) Proactive Defense
Newly discovered indicators can be used to trigger playbooks that defend corporate environments through automatic detection and response. Filters and thresholds can be applied to limit the types of threats or entities that trigger automated response.
4) Intelligence Sharing
False positives in an environment can be shared to make sure the data is not used in the future. “Trusted Circles” enable intelligence sharing with the security community when new threat indicators are discovered.
You may not be able to call up Batman and Robin for a one-two punch against those evil cybercriminals, but ThreatFuse’s SOAR/TIP is one combo you can put to work right now.
Nimmy Reichenberg is CMO at Siemplify.