How does Firstwatch (SM) work?
The Jigsaw Security Firstwatch sensor is the first line, and sometimes the final line, of defense in corporate security. The sensor monitors DNS requests as they occur on the network and blocks malicious content.
The Jigsaw Threat Intelligence feed provides protection against known threats using 480+ sources of data, FBI, DHS, US-CERT and ICS-CERT alerts. When a threat is known, the Firstwatch sensor actively stops workstations from being able to access it. When a threat is not known, the sensor looks at content and activity and uses heuristic models to find and protect against unknown or brand new threats. In addition, Jigsaw Security analysts continually update our threat intelligence to protect all of our users.
Sensor components
Regardless of whether a threat is known or unknown to us, our sensors pick up on the activity and allow protection against the threat.
DNS and proxy servers are used with Jigsaw Data to effectively deny access to known and unknown threats using DNS RPZ (Response Policy Zone) configurations.
When a threat is detected, users see a screen indicating that the sensor has stopped the threat. This method disrupts the chain of infection, rendering the malicious site ineffective for the attacker by denying your users access to the malicious content.
SOC alerting
When a threat is stopped, an event is recorded so that your Security Operations Center can reach out to the end user and find out what occurred to cause the security issue.
In addition, we have partnered with security vendors, consulting companies and critical infrastructure providers so we can alert our customers to what is being seen. Over 400 organizations are providing data that effectively allows Jigsaw as an organization to protect our own networks and customer networks, and to provide managed security services to our customers and partners.
Big data analytics platform
Once an event occurs, you need to be able to track the activity around that event. Jigsaw Security utilizes the Jigsaw Analytic platform to store logs, packet data, event information, threat intelligence, OSINT and other closed data sets to make your network more secure. Find out if your users' passwords are on the dark web, see what activity matches Jigsaw Threat Intelligence, or see when threats are targeting your environment, all in a single interface.