Industrial Threat Intelligence Sharing Platform

Service overview

The Industrial Threat Intelligence Sharing Platform provides intelligence aggregation, distribution and sharing, as well as intelligent threat intelligence application services such as threat early warning and threat tracing, which are widely used in gove

Service Items

Multi-source threat intelligence access management


The platform supports access to commercial and open source intelligence, and integrates a selection of open source intelligence sources for users to choose from, enriching the user's threat intelligence data. It also provides unified management and automatic updating of multiple threat intelligence sources, and users can monitor the running status of threat intelligence in real time through the platform.

Automatic aggregation of threat intelligence

Threat intelligence is aggregated automatically according to predefined rules. The platform processes and correlates intelligence from commercial, open source, and internally generated sources to produce high-quality, usable threat intelligence. It also supports user-defined intelligence aggregation.

Threat intelligence distribution

The platform integrates with the security equipment and management platforms in the user's network, and provides API interfaces for connecting to intelligence-consuming equipment, so that intelligence is acquired and used automatically.

Threat intelligence sharing

Internally shared intelligence can be aggregated and used by other users and security devices. This helps users establish a true closed loop of threat intelligence utilization and produce personalized threat intelligence, enriched with background information about the internal environment, to cope with emerging attacks.

Service advantages

Help users put threat intelligence into practice

Threat intelligence is matched against local security logs by collecting syslog logs. Access to and updating of multi-source threat intelligence removes the drawback that a single threat intelligence source cannot be used by multiple devices, and reduces resource investment. At the same time, the platform provides API interfaces for rapid integration with security equipment and security management platforms, which reduces the user's development workload when putting threat intelligence into practice.

Improve the management and application of threat intelligence

The intelligence management and intelligence aggregation functions reduce the workload of managing and updating threat intelligence, ensure real-time updating and rapid aggregation of intelligence, and greatly improve the user's level of threat intelligence management and application.

Form a closed loop of threat intelligence utilization

To overcome the drawback of only consuming intelligence, the platform establishes a complete intelligence utilization loop in the user's local environment, so that the user's local terminals and equipment are both consumers and producers of threat intelligence, which promotes the improvement of threat intelligence quality.

Enhance security threat detection and disposal capabilities

Integrating threat intelligence improves the ability of existing security equipment to deal with unknown threats and APT attacks. The rich contextual information in threat intelligence helps users understand threats and reduces the difficulty of handling security problems.

Unified storage and analysis of security device logs

Log information from existing security equipment and solutions is normalized, then integrated and stored in the threat intelligence platform. There it is used for correlation analysis and matching against the aggregated threat intelligence, providing users with security early warning based on threat intelligence.