EclecticIQ Platform is a Threat Intelligence Platform (TIP), that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed. This enables organizations to align their defense tactics and strategies with the actual and future threat landscape.
EclecticIQ Platform sits at the center of a threat intelligence practice, collecting intelligence from open sources, commercial suppliers and industry partnerships into a single workspace. Using EclecticIQ Platform, intelligence analysts can deliver actionable intelligence and support detection, prevention and incident response through existing security infrastructure. This approach improves security operations and security leadership through a comprehensive yet cost-effective approach.
Challenges Overcome Through Integration
Analysts are expected to gain and maintain situational awareness of their threat landscape. Currently, they’re spending time battling with the challenge of consolidating multiple sources of data and coping with the integration requirements to different systems instead of performing the valued work of threat intelligence analysis.
EclecticIQ Platform aggregates intelligence from multiple sources, supporting open standards like STIX and a wide range of intelligence integrations with top intelligence providers like Recorded Future. EclecticIQ Platform has a scalable ingestion and automation engine to normalize, correlate, enrich and qualify intelligence at scale. This allows analysts to combine intelligence from open sources, commercial suppliers and industry partnerships into a single workspace.
Using EclecticIQ Platform and Recorded Future, intelligence analysts can deliver actionable intelligence and support detection, prevention and incident response through existing security infrastructure; all for the purposes of reducing risk in the environment.
The Recorded Future integration with EclecticIQ provides both a feed and enricher integration point.
With the feed capability, users have access to the IP, Domain, Hash, and URL Risk Lists from Recorded Future. The results are provided in standard STIX/TAXII protocols including TTPs and Indicators. These lists update automatically to ensure data becomes actionable. Recorded Future Analyst notes are also supported as a feed within EclecticIQ.
The enricher allows users to perform on-demand lookups on Domains, Hashes, URLs and IP addresses allowing the analyst to reduce time spent researching “why” an indicator is bad as Recorded Future will present an aggregated risk score derived from thousands of sources across the web.
Joint Business Value
A central knowledge base of threat intelligence ensures the ability to act and align effectively against the latest cyber threats in a timely fashion. Aggregating threat intelligence in a single point of truth keeps the most accurate and up to date record of insights and enrichments from different sources of intelligence including collaboration among security teams and enrichments from internal systems.
Using EclecticIQ’s scalable ingestion and automation engine to normalize, correlate, enrich and qualify intelligence at scale, users can ingest Recorded Future data in various ways to help analysts reduce MTTR (mean-time-to-response) and validate threats against the most comprehensive data intelligence provider.
The integration between EclecticIQ and Recorded Future allows security responders to:
- Detect and gain context on IOCs with real-time external intelligence to identify true incidents and dismiss false positives using the enricher capabilities.
- Proactively block threats before they impact the business using the Recorded Future risk lists
- Reduce time for threat detection, remediation, and response