Cyber intelligence

It is becoming more and more important to keep a tight grip on your data. Online attacks and intrusions can come from many directions and are ever evolving. The DeepBlue cyber intelligence platform provides your company with the relevant and specific information that will help protect it from current and future cyber threats. We are experts in cyber security and have gained extensive experience working on the frontline of the cyber domain. Based on the knowledge and experience gained defending large public and private organizations, we have created a real-time data feed that will enable our customers to identify and stop attackers and enrich alerts with state-of-the-art background information.

DeepBlue has developed a cyber intelligence platform which gathers information from various sources on the internet and the dark web. By combining and normalizing this data, we are able to provide a clear perspective on the current threats within the cyber domain. Through our dashboard and application programming interface (API) our customers are able to consult and use our data to detect and mitigate cyber attacks. It also enables them to gain extensive background information on an alert when it is triggered. In this way they can pro-actively engage with threats and avoid potential damage. Read more about the growing importance of cyber intelligence platforms here.

Alert enrichment

Our cyber intelligence platform can greatly enrich security alerts and increase the efficiency of your security operations centre (SOC). Most of our customers already have a variety of cyber defence tools in place. The chief information security officer and associated colleagues spend most of their time investigating alerts generated by these systems. With our real-time data feed your alerts can be enriched with the necessary context and the time required to investigate an alert can be reduced drastically. All relevant information required by a SOC analyst to investigate an alert is provided via a simple to use and intuitive interface. Our product integrates with your security incident and event management, and existing threat intelligence systems.

Incident response

DeepBlue’s cyber intelligence platform can increase the efficiency of your incident response. When analysing network traffic or investigating possible cyber incidents, a SOC analyst requires rapid accurate and up-to-date information about IP addresses, e-mail addresses and domain names. Using our intelligence platform, you can search a large selection of cyber intelligence sources via a single interface. We also offer an extensive API for bulk searches. Because our data is normalized, it becomes possible to search in completely different data sources using a single query.

Infrastructure monitoring

Our platform allows you to pro-actively engage with threats and avoid potential damage by monitoring your cyber infrastructure. In 2019 around 40 common vulnerabilities and exposures were recorded per day, which totals nearly 15.000 over the whole year. We monitor the internet and the dark web for new (known) vulnerabilities and exploits. By correlating this information, we can alert you in real-time whenever one of your network peripherals may be vulnerable. This allows your company’s SOC staff to quickly patch and update the affected systems in order to protect your network. This process is entirely passive. Our platform can also actively scan your internet connected infrastructure. By doing so, we are able to alert you whenever there is a (unregistered) change in your environment which could leave you potentially vulnerable.

Brand abuse is the act of abusing or imitating your brand’s online presence. For example, a malicious actor could create a website similar to your company’s website and use it for spear phishing attacks against your employees or customers. Organizations that have insufficient insight in their online presence are especially vulnerable. Our cyber intelligence platform enables you to monitor such malicious activities and sends you an alert when someone creates a website or social media account similar to yours. Simply add your organization’s domains and social media accounts, and our automated platform will alert you when any particularities occur.

Malware or malicious code is a rapidly evolving threat to our customers. Attackers are exploiting vulnerabilities very soon after being discovered and such threats are spreading quickly. Anti-virus tools – which are the most widely used countering mechanism – are unable to cope with this. With our data feed we enable our customers to track and detect malware families distributed in campaigns, so they can act pro-actively on real-time threats.

Interested in trying out our cyber intelligence platform? Request a free demo now. If you have any additional questions or requests, please do not hesitate to contact us. We will get back to you shortly.