Jigsaw Security announced today that our commercial sensor now interfaces with MISP directly. Simply add your API key to our FirstWatch sensor and all information entered in MISP is instantly available to FirstWatch for monitoring.
What is MISP?
MISP is the Malware Information Sharing Platform, which is available for free on GitHub. MISP is a free solution for storing threat intelligence and for sharing information between organizations securely.
Automating threat intelligence is one of the most important things you can do to make use of the data that alerts you to threats in near real time as they occur. You can see the MISP source in our FirstWatch sensor alerting screen as well as AIS-provided data from DHS. Updates are continually added as new data becomes available, freeing up your time to work on security issues rather than monitoring what is occurring.
Support for DHS AIS and CISCP programs
Jigsaw Security has also created a module for ingesting and utilizing DHS program data in the FirstWatch sensor directly. This allows you to monitor and/or disrupt threats utilizing information provided in a cost-effective manner using our free (or low-cost) sensor offerings. Authorized stakeholders can easily provide a low-cost sensor to monitor for threats provided by these Department of Homeland Security programs or most commercial threat intelligence data providers.
Jigsaw Security has worked to ensure that critical information can be used instead of just referenced after the fact. In addition to monitoring for indicators, our commercial sensor will actually block threats, preventing infection by breaking the chain of infection.
Automated Updates
You no longer have to maintain several different storage platforms for your threat intelligence, and you can distribute the data to multiple sensors from a single MISP instance.
STIX and TAXII Support
In addition to providing the capability to ingest MISP formatted data, the sensor can also ingest STIX formatted files. All that is required is that you have an API key and the appropriate level of access to instantly protect your customers or be alerted to security issues based on Jigsaw Security proprietary commercial data feeds, DHS sources, OSINT threat intelligence or a combination of the three. Users can push STIX updates to our servers and protect themselves.
Multiple Means of Protection
Jigsaw Security strongly believes that, in order to adopt the CDM recently adopted by DHS, an automated method of protecting and alerting is needed. With this new capability, we feel that we are well on the way to providing a complete low to no cost solution to achieve the goal of continual monitoring.
What about new and emerging threats?
Jigsaw Security has also added heuristic models to our FirstWatch sensor to pick up on new and emerging malware and activity that has not been seen before. Every day we see thousands of new and unidentified malware and suspicious activity of interest. Our machine learning algorithms and heuristic models make it possible for managed security providers to find targeted malware written to specifically attack your customer. We realize that no sooner is a signature made available than attackers change the binaries and attack methods, C2 or other aspects of their malware to evade detection. By looking for patterns and other indicators of an issue, we can root out malware and hackers quickly and efficiently without alerting to every single action taken against a network.
Full Integration with our Jigsaw Analytic Platform
The output from all of our sensors will report into our Jigsaw Analytic Platform giving you complete access to what attacks are being seen at each of your managed security customer sites. Our complete solution includes endpoint protection, DNS sinkhole servers, Jigsaw Analytic Platform, Log and Full Text Document ingestion for analyzing intelligence focused data. Our security solution covers every single device on your network without the need for endpoint protection.
Sensor Data in the Jigsaw Analytic Platform
Know where your Threats are coming from by using the Jigsaw Analytic Platform
About Jigsaw Security
Jigsaw Security is a managed security provider and big data engineering firm based in Norfolk, Virginia. The company provides automation and innovative security features to protect critical infrastructure and Government systems using commercially available off-the-shelf (COTS) software and supports most commercial products for use with our threat intelligence feeds and subscriptions. For more information on Jigsaw Security please visit the website at www.jigsawsecurityenterprise or talk to an authorized MSP provider.