BrandProtect Updates threatSMART Platform, Integrates With Splunk and ArcSight

analytics-925379_1280BrandProtect has extended its threatSMART platform for cyber threat monitoring, intelligence and mitigation with new features designed to speed analysis and enhance defenses against modern cyber exploits, including socially engineered spear phishing, ransomware and other BEC attacks.

New platform enhancements include MX-Record Monitoring, Advanced Incident Correlation, the BrandProtect ThreatCenter, and new direct connections of threatSMART data feeds to popular enterprise threat analytics platforms Splunk and HP ArcSight.

“Enterprise-targeted cyberattacks are evolving rapidly. Yesterday’s broadly targeted phishing, social media, and domain exploits, have been replaced by socially engineered phishing, BEC and other focused and unfortunately, effective, schemes,” said Roberto Drassinower, BrandProtect CEO. “Today we announce the latest of our continuous enhancements to our threatSMART platform, again directly addressing the most important pain points that CISOs now face. We are filling the gaps for threat detection, intelligence and mitigation of cyber threats that arise beyond the traditional security perimeter.”

MX-record monitoring provides CISOs with early warnings about newly activated email domains that might be used for imminent spear phishing or BEC attacks on their employees or business partners. An MX-record is a type of resource record in the Domain Name System that, when active, allows a domain to communicate with other email domains. Now, MX record monitoring is a standard part of all BrandProtect domain monitoring services

Advanced Incident Correlation provides CISOs with visibility to the linkages that may exist between diverse incidents that look unrelated to one another. When validating an incident, the threatSMART platform automatically gathers documenting information and threat data, such as registrar, registrant, ISP, IP address, Twitter ID, geography, date, time, etc. ThreatSMART uses this information to identify similar incidents across the repository of threat data maintained at BrandProtect. When correlations are identified within a single customer’s data or across the millions of current suspicious events in the BrandProtect ThreatCenter, the linked incidents can be reprioritized and different mitigation strategies can be used.

The BrandProtect ThreatCenter contains a continuously updated collection of suspicious Web events, detected within public domain across the surface, deep, and dark Web locations. The data includes potential threats across all industries. BrandProtect cyber threat analysts leverage this data not only to validate and verify actual cyber threats against client companies, but to also uncover subtle patterns and linkages that define threat trends, identify threat actors, and give early warning to future potential threats.

Those of you looking for a more in-depth breakdown of the SIEM market may also be interested in the following resources:

Compare the capabilities of the top SIEM vendors with Gartner’s 2015-2016 SIEM Critical Capabilities Report. Get your copy here.

Looking for a straight forward, side-by-side look at what each SIEM solution provides? Check out the new 2016 Solutions Review SIEM Buyer’s Guide to get a little more background information on today’s top 24 SIEM providers.

Jeff Edwards
Follow Jeff

Leave a Reply

Your email address will not be published.