
Threat Intelligence Automation with Jigsaw Security


One of the main features of the Jigsaw solution is that once an attack has been seen at one organization, we protect all other organizations in our network of subscribers. This is great for everyone except patient zero. We are often asked, "Well, what can you do to stop patient zero from getting infected?" The answer is that we stop those attacks with heuristic detection of previously unknown malware.

When a new attack is seen, analysts review what has occurred and then either block the attack on our network or ignore the activity if it is not malicious. This manual review makes our data highly valuable and a very clean source for blocking malicious activity.

API use is the key to security

To ensure that only trusted partners have access to our data, we do a few things for every Jigsaw Security subscriber:

  • Vet the organization signing up - In short, we do not allow Gmail accounts or any non-verifiable company or organization to gain access to our data. If you signed up with Gmail, that's why you don't have access!

  • API Key Issuance - Once we have validated who you are and what you will use the data for, we issue an API key. This API key is used to automatically protect your network in one of the following ways:

      • DNS Sinkhole (Domain Blocking)
      • Endpoint Protection (Malicious Threat Blocking)
      • Forensics Investigations (Find Malware in Computer Images)
      • Antivirus Protection (most antivirus products allow custom blacklisting of indicators; our API key will feed most AV products)
      • Firewall Blocking (most if not all modern firewalls have block lists: Palo Alto, Check Point, etc.)
      • Jigsaw Security FirstWatch Sensor (using the Jigsaw Security sensor, we stop known signature-based threats and malicious activity that was previously unknown). Sensors continually update as our analysts update our threat information and heuristic models to catch malicious activity.

  • Feedback Loop - Subscribers can use the contact information in our threat intelligence to talk directly to the analyst who reviewed or submitted the threat information. This gives all clients with a valid subscription direct access to our analysts.

As you can see, the API is what makes Jigsaw unique: we work with any product or service that can read text, JSON, CSV or other data formats to protect subscribers' networks.

This is how the Jigsaw Security solution works. In addition, you get the ability to research in our MISP interface or Big Data Platform.
