
Elasticsearch, MISP and Maltrail Integration


The Security Development Team is pleased to announce that we are in final testing of an Elasticsearch, MISP (Malware Information Sharing Platform) and Maltrail sensor integration for our EMM solution. We expect to release the EMM VM on November 1st, 2017. The VM will only be available as open source, but customers wanting to use Jigsaw Threat Intelligence must subscribe to get an API key for our malware feed.

Maltrail: Maltrail is an open source malicious traffic detection system. The original project is available on GitHub. By integrating with an open source project we allow our customers to use low- to no-cost software. Support contracts are available from Jigsaw Security.

MISP: Jigsaw Security has been using MISP since 2013. MISP is also available as open source. Jigsaw Security has been providing support in the US commercially since 2014.

Elasticsearch: Jigsaw Security has deployed many Elasticsearch environments in corporations, in Government and in our own solutions. Elasticsearch allows us to store and search years' worth of information as key-value pairs using lightning-fast Lucene technology.

Figure 1: Typical IDS Configuration used to detect threats

This technology pairing allows Jigsaw Security to distribute our threat intelligence into a low-cost sensor solution that can detect attacks. When paired with our RPZ DNS offering this is known as the FirstWatch sensor. This sensor actively disrupts threats by forcing threat actors to connect to a non-existent destination that is controlled by Jigsaw Security. This allows us to see how widespread an attacker's foothold is and to track the number of infections on Jigsaw customer networks, ensuring we are not missing threats that should be included in our solution.

Figure 2: The Jigsaw Security Threat Intelligence Platform displaying the MISP integrated solution

Figure 3: Displaying Threats in the Jigsaw Enterprise Platform from our FirstWatch appliance

Disrupting Threats

When customers need a solution to prevent attacks, our DNS appliance provides resolution on your network. When a threat actor tries to connect back to a site they control, we direct that traffic to our appliance and stop the threat, all the while collecting statistics to ensure our protection is as effective as possible. Using heuristic detection built on big data algorithms, we find threats that others miss, detecting traffic others would allow and stopping it even without a signature.
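As an added illustration (not code from the original post or from Jigsaw's products) of the infection tracking described in the FirstWatch and Disrupting Threats paragraphs, the following Python aggregates resolver log lines written when an RPZ rule rewrites a query to the sinkhole, counting distinct internal hosts per sinkholed domain. The log line layout, host addresses and domain names are constructed assumptions.

```python
import re
from collections import defaultdict

# Regex for the "rpz QNAME CNAME rewrite" lines a BIND-style resolver emits
# when an RPZ rule fires. The exact layout is an assumption; adjust it to
# match your resolver's logging format.
RPZ_LINE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>\d{1,3}(?:\.\d{1,3}){3})#\d+ "
    r"\((?P<qname>[^)]+)\): rpz QNAME CNAME rewrite (?P<domain>\S+) via \S+"
)

# Constructed sample log: three hosts hitting two sinkholed domains (one host
# twice) plus one benign query that the policy did not rewrite.
SAMPLE_LOG = """\
12-Oct-2017 10:01:02.123 client @0x7f1a2c003a60 10.0.0.5#53211 (bad.example): rpz QNAME CNAME rewrite bad.example via bad.example.rpz.local
12-Oct-2017 10:01:03.456 client @0x7f1a2c003a60 10.0.0.9#40122 (bad.example): rpz QNAME CNAME rewrite bad.example via bad.example.rpz.local
12-Oct-2017 10:01:05.789 client @0x7f1a2c003a60 10.0.0.5#53212 (bad.example): rpz QNAME CNAME rewrite bad.example via bad.example.rpz.local
12-Oct-2017 10:02:00.000 client @0x7f1a2c003a60 10.0.0.12#60001 (c2.example): rpz QNAME CNAME rewrite c2.example via c2.example.rpz.local
12-Oct-2017 10:02:01.000 client @0x7f1a2c003a60 10.0.0.7#60002 (www.example.org): query: www.example.org IN A + (10.0.0.1)
"""


def sinkhole_hits(log_text):
    """Map each sinkholed domain to the set of internal hosts that tried to reach it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = RPZ_LINE.search(line)
        if m:
            hits[m.group("domain")].add(m.group("src"))
    return hits


def infection_counts(log_text):
    """Distinct hosts per sinkholed domain, most widespread first."""
    hits = sinkhole_hits(log_text)
    return sorted(((d, len(h)) for d, h in hits.items()), key=lambda x: (-x[1], x[0]))


def hosts_to_triage(log_text):
    """Every internal host that hit any sinkholed domain, for incident response."""
    return sorted(set().union(*sinkhole_hits(log_text).values()))


if __name__ == "__main__":
    for domain, n in infection_counts(SAMPLE_LOG):
        print(f"{domain}: {n} host(s)")
    print("hosts to triage:", hosts_to_triage(SAMPLE_LOG))
```

Counting distinct source addresses rather than raw queries is what makes the result a measure of foothold width rather than beacon frequency; the repeated 10.0.0.5 entries count once.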

Protection without Endpoint Agents

In order to keep your workstations working at peak performance, Jigsaw operates without any agents on the endpoint. You are free to use whatever endpoint protection you wish, and we will complement your existing solution without impacting workstation performance.

For more information on our MISP, Maltrail and Elasticsearch integration, please contact your Jigsaw sales professional or send us a message from our website.
