scoutPRIME focuses on dynamic, global and attack surface monitoring through passive discovery and identification from known, unknown or unmonitored assets. It pulls structured data from more than 80 data feeds and overlaid with indicators of compromise and risk to highlight specific threats from external sources targeting a network.
As the world becomes more interconnected organizations simply can’t exist on their own without third parties and other organizations toughening up their IT infrastructures. The blind trust this creates poses a serious security concern. scoutPRIME addresses third-party cyber risk, beginning with footprinting third-party network assets. It overlays assets with intelligence surrounding indicators of compromise and risk and provides 24/7 monitoring of all vendors. The Threat Indicator Confidence score prioritizes risks to building an outside-in view of organizations.
scoutPRIME monitors an extensive list of items, including phishing activity, port/cert information, CVE data, malware, viruses and more. It scans the surface web, social web, deep web and dark web 24/7.
The Threat Indicator Confidence (TIC) score provides a single value of a threat assessment. It supports cyber analysts and operation personnel in locating the most relevant and actionable threats for better prioritization, investigation, response and mitigation. Multivector scoring includes source rating (level of trust), threat classification and criticality (severity of the threat). The solution further prioritizes risks based on the threat landscape as well as an organization’s specific risk tolerance, environment and security posture.
After searching a company, an analyst conceivably could drop all populated information (or a selected portion) into a collection, or grouping of network elements. Clicking on an element in Collection Management automatically brings up the Element Details menu page, which gives analysts the option to dig deeper into the information to figure out what actions to take. scoutPRIME lets analysts pick and choose configurations to eliminate false positives, which differentiates LookingGlass from other companies.
scoutPRIME ingests a lot of BGP routing data, ARIN data, WhoIS information and domain/DNS information, resulting in focused asset ownership that highlights who assets belong to and continuously updating threat data every fifteen minutes. More than 87 feeds come out-of-the-box, 17 of which are proprietary feeds.
It is possible to run a Vendor Score Card Report within the platform and talk about categories of risk, breaking down elements of risk and showing what needs to be highlighted. MSSPs can use feature to review large networks.
This is a worthy option in the threat intelligence platform space that offers numerous customizations and monitoring capabilities for comprehensively managing the risk posed by third parties.
Starting price is $25,000. Support offerings include Standard and Premium for 24/7 phone, email and website support are included. The website does not have FAQs or a knowledgebase.
Tested by: Tom Weil