LookingGlass scoutPRIME centralizes the collection and normalization of structured and unstructured data to offer a holistic view of the external threat landscape and help determine the ways that those threats impact security. The unique fingerprinting capabilities map the internet and overlay it with indicators of compromise and risk to deliver notifications on vulnerabilities and misconfigurations. This product delivers effective situational awareness of and visibility into attack surfaces. Because it logically maps out the internet, scoutPRIME makes it possible to aggregate different data sources in a single pane of glass. This approach saves time, focuses on continuous monitoring, and lets analysts delve into various data points in a digestible way.
The developers divided the dashboard into workspaces, with each workspace featuring different information. The dashboard shows an overview of identified threats, including potential malware, infections, and botnets. It groups associated threats into elements and collections to help analysts quickly understand connections between threats and prioritize them effectively. It also offers an in-depth view of network topologies and traffic patterns, letting analysts uncover more information for additional research or convert the intelligence into actionable strategies that bolster security. The platform even assigns each threat a Threat Indicator Confidence (TIC) score to indicate its level of severity. Threats with a score of 75-100 are considered critical, those scoring 50-74 are elevated, and those scoring 1-49 are normal. TIC scores categorize the threat potential of a network into a single, actionable value based on the data aggregated from many feeds.
Analysts often go awry when they look at an entire IP, domain space, and registration because the breadth of data can sometimes overwhelm them. Instead, they should determine the assets most vital to the specific business practices of their organization and monitor those to drive efficiency and reduce as much noise as possible. The customizable rules of scoutPRIME can help them refine monitoring by grouping assets into collections. Analysts may search specific collections and view them on heat or pin maps to drill into areas of interest.
The platform also includes extensive predefined reporting options that focus only on relevant information and that aggregate the collection information. There are no limits on the number of reports scheduled or the frequency with which they recur. Some of the reports include scorecards, nested collections, and notifications. The scorecard report offers a high-level view of threats divided into various risk categories, making risk management a breeze.
Security pros will find LookingGlass scoutPRIME a flexible product with many configurations that cover several use cases. It gathers all the inferred or verified CVEs across collections, giving analysts the ability to conduct passive vulnerability management and the geodata to conduct research on more granular data points and discover regions or countries of origin. These features combine to give a fuller, richer set of data and drive the platform's efficiency.
Pricing starts at $25,000 and includes 24/7 phone and email support. Additional support options are available for a fee. LookingGlass also offers a knowledgebase that includes full API documentation. However, we find the overall support content sparse.
Written by Katelyn Dunn
Tested by Tom Weil