Threat Intelligence Automation with Jigsaw Security


One of the main features of the Jigsaw solution is that once an attack has been seen at one organization, we protect all other organizations in our network of subscribers. This is great for everyone except patient zero. Many times we are ask "well what can you do to stop patient zero from getting infected?". The answer is we stop those attacks with Heuristic detection of previously unknown malware.

When a new attack is seen, analyst review what has occurred and then either block the attack on our network or we ignore non malicious activity. This manual review makes our data highly valuable and a very clean source for blocking malicious activity.

API use is the key to security

As a Jigsaw Security subscriber we do a few things to ensure that only trusted partners have access to our data:

  • Vet the organization signing up - In short we do not allow GMail accounts or any non verifiable company or organization to gain access to our data. If you signed up with GMail, that's why you don't have access!

  • API Key Issuance - Once we have validated who you are and what you will use the data for, we then issue an API key. This API key is used to automatically protect your network in one of the following says: DNS Sinkhole (Domain Blocking), Endpoint Protection (Malicious Threat Blocking), Forensics Investigations (Find Malware in Computer Images), Antivirus Protection (most antivirus products allow custom blacklisting of indicators, our API key will feed most AV products), Firewall Blocking (Most if not all modern firewalls have block list (Palo Alto, Checkpoint, Etc.), Jigsaw Security FirstWatch Sensor (Using the Jigsaw Security sensor, we stop known signature based threats and activity that is malicious that was previously unknown) - Sensors continually update as our analyst update our threat information and heuristic models to catch malicious activity.

  • Feedback Loop - Subscribers can use the contact information in our threat intelligence to talk directly to the analyst that reviewed or submitted the threat information. This allows direct analyst access to all clients (with a valid subscription).

As you can see, the API interface is what makes Jigsaw unique in that we work with any product or service that can read text, JSON, CSV or other data formats to protect their networks.

This is how the Jigsaw Security solution works. In addition you get the ability to research in our MISP interface or Big Data Platform.

#SubscriptionInformation

0 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.