Threat Intelligence

Nuspire’s NuSecure cloud-based nuSIEM, along with threat analysis efforts, utilizes big data to analyze logs in real time against continuously updated threat intelligence feeds and historically profiled security threat intelligence. Nuspire's custom, big data, parallel processing cloud creates an exciting method to mine log data for existing indicators of a malicious breach.

The advanced analytic capabilities derive from a blending of real-time, third-party security intelligence (identified by devices placed all around the globe), databases of poor reputation or compromised hosts, advisories and bulletins resulting from FBI active investigations of cyber threats, and Nuspire's own security research. These resources are combined within the nuSIEM for normalization, correlation, and aggregation. Once combined and ranked according to proprietary techniques, Nuspire utilizes big data infrastructure to provide real-time analytics and alerts on received streams of logs.

nuSIEM

As a global Managed Security Service Provider (MSSP) and cloud Security Information and Event Management (SIEM) provider, Nuspire has tens of thousands of diverse NextGen and UTM Firewall appliances that feed billions of security, context-rich log events into the nuSIEM solution every day. Many of the manufacturers’ devices that feed these security metadata logs into the SIEM are active members of the Cyber Threat Alliance.

Threat Intel Feeds

Nuspire further utilizes automated methods to collect IP reputation information that indicates a lower level of trust should be used for those addresses that are not specifically known as malicious. This information is combined with other alert methods to build correlated events that trigger Nuspire SOC engineers who investigate the communications. The continuous feed of actively updated security log metadata, in conjunction with existing IP reputation data, known C&C networks from cybersecurity threat feeds, known compromised Internet addresses and even threat intelligence from the Darknet (beyond the surface web), combine into the NuSecure big data SIEM for normalization, correlation, and aggregation. Once combined and ranked according to proprietary techniques, Nuspire is able to utilize big data infrastructure to provide real-time analytics and alerts on the stream of logs received.

Threat Research

Nuspire's Security Analytics Team members follow industry-specific trends, security issues, government intelligence and other deep, internet data sources that may affect customers. The research is then used to further tune alerts and AI/Trend-based algorithms. Important historical records are automatically updated to continuously tune the security threat intelligence and reputation system.

Advanced Threat Intelligence

Nuspire’s Advanced Cyber Threat Intelligence is a blend of technical, tactical, operational, and strategic cyber threat intelligence only available to devices enrolled in the Cyber Threat Monitoring service.

Technical Cyber Threat Intelligence

Nuspire's Technical Cyber Threat Intelligence is created through a proprietary blending, prioritization and validation of social feeds, commercial feeds, and the aggregated information received from tens of thousands of diverse security manufacturers' devices deployed around the world.

As a global Managed Security Service Provider (MSSP) and cloud Security Information and Event Management (SIEM) provider, Nuspire has tens of thousands of diverse NextGen and UTM Firewall appliances that feed billions of security, context-rich log events into the NuSecure SIEM solution every day. Many of the manufacturers’ devices that feed these rich security metadata logs into Nuspire's SIEM are active members of the Cyber Threat Alliance.



Furthermore, Nuspire utilizes automated methods to collect IP reputation information that indicates a lower level of trust should be used for addresses that are not specifically known as malicious. This information is combined with other alert methods to build correlated events that trigger Nuspire Security Operations Center (SOC) engineers who investigate the communications. The continuous feed of actively updated security log metadata in conjunction with existing IP reputation data, known Command and Control (C&C) networks from cyber security threat feeds, known compromised internet addresses and even threat intelligence from Darknet (beyond the surface web) combine into the NuSecure big data SIEM for normalization, correlation and aggregation. Once combined and ranked according to proprietary techniques, big data infrastructure is utilized to provide real-time analytics and alerts on the stream of logs received.

Tactical & Operational Cyber Threat Intelligence

Nuspire's Security Analytics Team (SAT) members follow industry-specific trends, security issues, government intelligence, and other deep Internet data sources that may affect customers. Research findings are then used to further tune alerts and algorithms. Tactical threat intelligence is used to track threat actors to help predict attacks through their techniques and procedures. Additionally, operational threat intelligence is utilized to discover actionable intelligence of a pending attack on a customer or industry. Discovery of tactical and operational threat intelligence issues that affect monitored devices generates tickets for review and discussion with the partner through the trax™ ticketing system.

Strategic Cyber Threat Intelligence

Nuspire's SAT provides informational notices through the trax™ portal about high level issues faced by a multitude of industries, technologies, and organization sizes. This information can be used by executives and their boards to help guide an organization in reducing cyber security risk for the long-term.

This blending of real-time, third-party security intelligence (identified by devices placed all around the globe), databases of poor reputation or compromised hosts, advisories and bulletins derived from FBI active investigations of cyber threats, and Nuspire's own security research represents the NuSecure Advanced Cyber Intelligence. These components all combine into threat intelligence for normalization, correlation and aggregation. Once combined and ranked according to proprietary techniques, big data infrastructure is utilized to provide real-time analytics and alerts on the stream of logs or to specific industry types as part of the CTM Service.

 

