iSight Partners ThreatScape
This is a company that, starting in 2007, decided that it could make the security stack better and more responsive to risks by integrating intelligence into the security management process. This is not to say that iSight has not addressed the cyber threat intelligence analyst. Simply, it has done that and more. There are two aspects to the iSight product: the portal and the API.
The entire process - through the portal or via the API - originates in the ThreatScape Intelligence Platform (TIP). This platform feeds the cloud and provides the data that users access one way or another. iSight employs a large global research team so that intelligence comes from, among other places, boots on the ground in the various locales where cyberthreats are originating. To do that, the company has more than 200 experts in 16 countries working in 24 languages. These operatives follow cyber crime, cyber espionage, hacktivism, threats to the enterprise and critical infrastructure, and vulnerabilities and exploits.
AT A GLANCE
Company: iSIGHT Partners
Price: Varies depending on deployment.
What it does: Adds a lot of value to your security stack by applying threat intelligence. Provides a prodigious amount of extremely useful research, much of it from analysts around the globe.
ThreatScape deliverables include reports, direct access to the cloud through the MySight Portal, and dedicated client support. If you deploy the API, you also get a good number of out-of-the-box integrations with such tools as CheckPoint, ArcSight, Palantir and RSA Archer eGRC.
The MySight portal provides categorized information on the classifications above and allows drill-down for greater detail. About 100 reports are available per day, so finding those that could impact your organization is likely a given. These more detailed classifications are viewed in the context of three basic types of intelligence: threats, malware and vulnerabilities. These classifications are what the company calls ThreatScapes.
An example of how these nested categories are used is apparent in the Cyber Crime ThreatScape. iSight describes that ThreatScape as "intelligence and technical analysis to improve responses to abuses of computer systems conducted to steal, or otherwise illegitimately profit from, victims' money, goods, or services."
This ThreatScape particularly addresses such things as fraud and underground marketplaces - think Silk Road. For an organization, such as a financial services company, the Cyber Crime ThreatScape is very important. The other ThreatScapes are equally detailed and focused.
The API provides threat intelligence input into other threat analysis tools, as well as tools that in one way or another manage the security stack. For example, connecting to Splunk provides additional information about addresses and domains that are recognized by Splunk as it collects security information on the enterprise. That additional information appears directly on the Splunk desktop. For other tools, the API provides the ability to block or alert, help prioritize patch management and support incident analysis.
Here in the SC Labs we have been receiving the ThreatScape Media Highlights. This is a daily scrape of key events across the internet as reported in news articles, blogs, social media, etc. Each entry contains a "tease" with a paragraph from the story and a link to the source. For each one there is an iSight analyst comment and, if applicable, links to related reports. So, on a recent day we saw the headline "FBI Director: Sony's Sloppy North Korean Hackers Revealed their IP Addresses." The link was to an article in Wired and there was an analyst comment accompanied by links to two reports, both dealing directly with the Sony attack.
OUR BOTTOM LINE
This is a really competent add-in for your existing security stack, as well as a very good analyst's tool in itself. The reporting is rich and its ability to add value to the elements of your security stack is impressive. We liked the extensive reporting. We found that somewhere in the daily flood of cyberevents we needed a way to dig out what we want and get more detail. We also want to know what is hot. We use other tools for this as well, but the iSight ThreatScapes are nicely focused.
We would like to have some sort of indexing or way that we could teach it to go for the explicit issues that interest us. Something as simple as a thumbs-up or down that taught the ThreatScape what we really wanted to be sure not to miss would be nice. Perhaps there is a way to do this but we did not see it.
This is a tool that you absolutely need to look at. In the fast-moving world of cyberintelligence you never can have too many - or, perhaps, enough - good tools. This one adds real value to your analysis and to your security stack.