The only way for today’s security teams to effectively manage the huge number of data points they have to digest is to adopt a modern methodology that is continuous, fast, iterative and smart. The cornerstone of the CI/CP framework is quickly and intuitively connecting the dots between a single tactical incident and the broader strategic landscape.
Cybersixgill pioneers the Continuous Investigation/Continuous Protection™ (CI/CP) approach to security. CI/CP uses automation tools that empower security teams to collect, analyze, research, and respond after each intel development as seamlessly as possible. Focusing on maximum security readiness at any given time, Continuous Protection naturally leads to Continuous Investigation.
Real-time collection that enriches your data lake. To support a continuous CI/CP process, you must ensure a continuous stream of valuable data from the darkest corners of the underground. These collection mechanisms must be agile enough to adjust seamlessly to the changing ways in which threat actors communicate.
Data, even in raw form, is never collected in a vacuum. Every IP has a “story”. Every post has an author. Every product sold on the dark web has a customer base. These details matter when you want to create CI/CP-driven processes. Any data point that is collected should be processed, structured and correlated with other data sets in order to connect the dots and complete the bigger picture.
By implementing CI/CP, security teams can better understand a threat actor’s mindset: their connections, their expertise, all the way to what motivates them. This deep understanding of threat actors’ modus operandi enables security teams to better anticipate, intercept and respond to incoming threats.
An investigative portal should enable you to discover:
CI/CP-driven threat intelligence processes give you a full cycle of agile responses. As soon as a new data point reaches the data lake, it is pushed to your security platform and correlated with the indicators you already have. The data is aggregated, and the appropriate playbooks are triggered. After preventing the initial threat, circle back to the data point that triggered the incident and investigate it thoroughly to understand the causes of the incident and take actions that improve your security posture. CI/CP leverages an investigative portal that lets you deep-dive effortlessly, slice and dice the data, and accelerate time-to-insights.
When implementing CI/CP, you have to make sure that the data enables you to respond seamlessly to each intel development. CI/CP advocates integrating threat intelligence feeds with your security platform—whether it is a SIEM, SOAR, EPP or VM—so that each meaningful data point triggers an action on your end to mitigate the threat.
Implementing CI/CP threat intelligence means teams constantly and proactively respond to the most up-to-date intelligence picture, generating fresh, relevant intel that takes incident detection, prevention and response to the next level with minimum business interruption. It breaks down security silos and maximizes the performance of security teams, platforms and processes.
Step 1: Discover and scope the relevant organizational assets (i.e., CPEs) and vulnerabilities (i.e., CVEs), or identify specific CPEs and CVEs that are of interest.
Step 2: Accurately match the organizational CPEs identified in step 1 to specific, related vulnerabilities (CVEs) to determine which vulnerabilities are exposing your systems to attack.
Step 3: Map vulnerabilities to the MITRE ATT&CK framework to anticipate how, when or why criminals will exploit each vulnerability, listing the CVEs used in the context of each technique to assess the risk to your organization and prioritize remediation efforts.
Step 4: Receive a full intelligence picture of the vulnerability, complete with context – including a comprehensive audit trail of the data we have collected on the actors and their discourse, exploit kits, and attribution to malware, APT and ransomware. This includes a score of the likelihood that a vulnerability will be exploited over the next 90 days, available hours after the CVE is first published. Unlike CVSS, this score is continually updated in real time in response to the threat intelligence we gather.
Step 5: Automatically gain access to remediation information for each vulnerability directly from NVD, MITRE and other vendor sites.
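The CPE-to-CVE matching, ATT&CK mapping and exploit-likelihood ranking steps described above, as an added Python example that is not Cybersixgill's code. The inventory CPEs, CVE ids, ATT&CK technique ids and scores are constructed placeholders, and the matcher assumes CPE 2.3 formatted strings:

```python
"""Added example (not Cybersixgill code): CI/CP-style vulnerability prioritization.
Match inventory CPEs to CVE affected-product patterns, index by ATT&CK technique,
rank by a continuously updated exploit-likelihood score instead of static CVSS.
All CVE ids, CPEs, techniques and scores are constructed placeholders."""
from collections import defaultdict
from fnmatch import fnmatchcase
# Step 1: scoped organizational assets as CPE 2.3 formatted strings (constructed)
INVENTORY = [
    "cpe:2.3:a:examplecorp:webgate:2.4.1:*:*:*:*:*:*:*",
    "cpe:2.3:o:examplecorp:routeros:7.1:*:*:*:*:*:*:*",
]
# Constructed intel feed: affected CPE pattern, static CVSS, dynamic 90-day
# exploit-likelihood score, and the ATT&CK techniques the CVE is used with.
CVE_FEED = [
    {"cve": "CVE-0000-0001", "cpe": "cpe:2.3:a:examplecorp:webgate:2.*:*:*:*:*:*:*:*",
     "cvss": 6.5, "exploit_likelihood": 0.82, "techniques": ["T1190"]},
    {"cve": "CVE-0000-0002", "cpe": "cpe:2.3:a:examplecorp:webgate:3.0:*:*:*:*:*:*:*",
     "cvss": 9.8, "exploit_likelihood": 0.40, "techniques": ["T1190"]},
    {"cve": "CVE-0000-0003", "cpe": "cpe:2.3:o:examplecorp:routeros:*:*:*:*:*:*:*:*",
     "cvss": 7.2, "exploit_likelihood": 0.05, "techniques": ["T1133", "T1078"]},
]
def cpe_matches(pattern: str, asset: str) -> bool:
    """Component-wise CPE 2.3 match: '*' (ANY) and '?' wildcards apply per
    component; '-' (NA) in the asset only matches '-' or ANY in the pattern."""
    p, a = pattern.split(":"), asset.split(":")
    if len(p) != 13 or len(a) != 13:
        raise ValueError("malformed CPE 2.3 formatted string")
    return all(fnmatchcase(av, pv) for pv, av in zip(p, a))
def match_assets(inventory, feed):
    """Step 2: (asset, CVE record) pairs where the CVE's CPE pattern covers an asset."""
    return [(asset, rec) for asset in inventory for rec in feed
            if cpe_matches(rec["cpe"], asset)]

def prioritize(matches):
    """Steps 3-4: rank exposed CVEs by exploit likelihood (CVSS breaks ties)
    and index them by ATT&CK technique for the threat picture."""
    ranked = sorted({r["cve"]: r for _, r in matches}.values(),
                    key=lambda r: (-r["exploit_likelihood"], -r["cvss"]))
    by_technique = defaultdict(list)
    for rec in ranked:
        for t in rec["techniques"]:
            by_technique[t].append(rec["cve"])
    return [r["cve"] for r in ranked], dict(by_technique)

def refresh_score(feed, cve, new_likelihood):
    """Continuous Investigation: update a CVE's likelihood as new intel lands."""
    for rec in feed:
        if rec["cve"] == cve:
            rec["exploit_likelihood"] = new_likelihood
            return True
    return False
```

Note that CVSS alone would rank the constructed CVE-0000-0003 (7.2) above CVE-0000-0001 (6.5); the likelihood score reverses that order, and a later refresh_score call reverses it again once new intel arrives.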