Partner Spotlight: Get a Complete Threat View With Cisco Umbrella Investigate
Editor’s Note
This is part of a series of blog posts on useful “all-source analysis” research and collaborative approaches using Recorded Future and our OMNI Intelligence Partners.
Summary
Cisco Umbrella Investigate’s threat intelligence on domains, IPs, ASNs, and file hashes can be accessed via an extension built into Recorded Future Intel Cards. Starting from a single indicator, incident responders can query for associated domains, IPs, ASNs, and file hashes, drill down on specific behavior indicators, and pivot directly into the Investigate console for additional research. Delivered as a single correlated source, Investigate’s threat intelligence enables security teams to uncover threats and narrow the gap between threat detection and remediation.
Challenge
Many security products provide visibility into what’s happening on your own network. But what about the rest of the internet? What about everything going on beyond your perimeter?
News flash — that’s where attackers are staging infrastructure in preparation for launching attacks.
Many organizations have little or no visibility into global internet and attacker trends, including what infrastructure attackers are staging or leveraging on the internet to launch attacks. Additionally, they find it difficult to prioritize incident investigations because they’re overloaded with alerts and lack the context to determine which security incidents would have the most impact on the business.
Solution
Prior to launching a campaign, attackers need to pay for, build, or borrow the infrastructure needed. For example, they set up servers, obtain or reuse IP addresses, and register domains to use. This often happens before they even perform reconnaissance on their targets or create the malicious payload. In most cases, attackers are pretty sloppy criminals, leaving behind fingerprints and breadcrumbs.
That’s where Cisco Umbrella Investigate can help — it tracks down attackers and provides the most complete view of an attacker’s internet infrastructure, enabling security teams to discover malicious domains, IPs, and file hashes, and even predict emergent threats.
As analysts use Recorded Future’s Intel Cards to research emerging threats or review new alerts, they can quickly tap into Investigate’s wealth of infrastructure information with a single click.
| Intel Card | Extension |
|---|---|
| IP Address | Available |
| Domain | Available |
| Hash | Available |
Example
An analyst receives a SIEM alert for suspicious activity linked with the IP address 58.158.177.102. Before deciding on a course of action, the analyst has to research this indicator, and with one click can pull up the following Recorded Future Intel Card:
According to Recorded Future, this is a “malicious” IP, with plenty of evidence across a variety of sources to support this assessment. One easy route to gain further insight is to use the Cisco Umbrella Investigate extension. For this particular IP address, the following is what Cisco Umbrella Investigate has:
In addition to the various malicious domains linked to this IP address, there are several malware samples that Investigate associates with it; as shown above, these samples are all from the “Ramnit” malware family. A quick look at the Ramnit Malware Intel Card gives the analyst a better idea of what this malware is about, as well as a sense of recent chatter volume related to it:
Full post: https://www.recordedfuture.com/partner-spotlight-cisco-umbrella/