Integration Spotlight: Versive

Merge the detection of internal adversary behaviors with known malicious external infrastructure, creating actionable ThreatCases to empower security analysts and incident responders.

Product Overview

The Versive Security Engine (VSE) is the critical missing piece for any company’s security portfolio in that it identifies bad actors who’ve gained network access by automatically understanding the core activities they can’t avoid.

The VSE links behaviors into proactive maps of unfolding adversary campaigns so that security teams can focus on what’s really important — validating threats and remediating them.

Whether your assets are on premises, in the cloud, or both, Versive acts as your network’s last line of defense by detecting the most malicious internal and external adversaries, regardless of what new tools, tactics, or exploits they’re using.

Challenges Overcome Through Integration

Versive overcomes analyst threat fatigue by finding the few threats that require immediate investigation by security teams. We force-multiply analyst productivity by automatically generating actionable maps of campaigns already unfolding inside your network. We call these maps ThreatCases, which automate the time-consuming process of data compilation needed to understand threats.

Integration Description

Recorded Future is integrated into VSE’s user interface, so that analysts can quickly access information about known IP addresses within a ThreatCase, a map of an unfolding adversary campaign.

While Recorded Future provides analysts with information about known external threats, VSE focuses inside the network and surfaces core behaviors. All adversaries (no matter their origin or sophistication) must engage in core behaviors that are effectively impossible for them to avoid (reconnaissance, collection, and exfiltration), and these behaviors reveal themselves in internal network data. Versive’s radically different methodology abstracts away from the detection of specific tools, signatures, and indicators of compromise (IOCs).

VSE ingests various network and endpoint data sources in order to build an understanding of “network normal,” which includes hosts and data movement within a network. By focusing on linking the core campaign behaviors that are effectively impossible for adversaries to avoid, VSE delivers a handful of ThreatCases per week, rather than a daily flood of alerts.

The partnership between Recorded Future and Versive allows security teams to merge the detection of internal adversary behaviors with known malicious external infrastructure, creating actionable ThreatCases to empower security analysts and incident responders.

Twitter: @VersiveAI

Website: www.versive.com