MONITORAPP Threat Intelligence Platform, AICC
According to Gartner’s definition, Threat Intelligence (TI) is information that presents context, mechanisms, indicators, and actionable advice about something that could pose a threat to an enterprise’s IT or information assets. The TTA term dictionary defines it as ‘how to effectively respond to cyber security threats based on relevant information such as vulnerabilities and past attacks that could pose a threat to an organization’s information assets.’
Cyber threats are becoming more sophisticated as attackers use automated, scripted attacks that increase the speed and scale of attacks. Increasingly advanced and intelligent attacks are called “APT.” These attacks already bypass existing security solutions and have become difficult to keep up with by human effort alone. In short, this is an era of intelligent attacks.
What deserves attention now is “unknown threats.” With existing passive detection and response alone, it is difficult even to determine that an unknown threat exists. Because the attack is unknown, it is a zero-day attack even when a security solution is in place. To respond effectively to these aggressive attacks, the defense also needs to be intelligent: analyze at machine speed and apply the results to respond to threats in real time. That is threat intelligence.
Threat intelligence systems are possible because of cloud-based machine learning technology. New security events and data are collected daily, in real time, in the cloud, and machine learning makes it possible to analyze them quickly, beyond what humans can do. Traditional security solutions focus only on detecting and isolating threats; combined with threat intelligence driven by an AI-based machine learning engine, they can identify and classify sophisticated threats, which enables a stronger threat response.
This section introduces the threat intelligence of MONITORAPP. Application Insight Cloud Center (AICC), developed and operated by MONITORAPP, is a cloud-hosted threat-intelligence platform that delivers intelligence on attackers and real-time threat intelligence on attack technologies. AICC combines technologies such as signature/flat detection, full traffic inspection, profiling, real-time information collection and sharing, third-party interlinking, data mining, and big data analytics.
Numerous threats are automatically collected, analyzed, processed into various forms, and sent back to individual security solutions in real time. Virtual patching also proceeds automatically. AICC’s analysis is a comprehensive correlation analysis, and MONITORAPP’s threat intelligence is derived from its interactive intelligence operations, which include technologies and data related to Web security products. The machine learning engine makes it possible to recognize and classify new and false attack information as attacks, even ‘unknown’ attacks, beyond profiling. This ‘acquisition-analysis-processing-deployment’ process runs in real time and forms a constant, virtuous circle that creates more accurate threat intelligence.
1. Collection and delivery of various types of threat intelligence
This includes analysis of malicious code attack profiles (including malicious code, exploit URLs, and other sources causing inbound infections and attacks); analysis of email attachments and URLs; malicious code callback destinations (destination IP addresses, protocols, and ports used); and other characteristics of malicious code communication protocols, such as custom commands used to instantiate transmission sessions.
2. Big Data Based on Massive Web Vulnerability Information
MONITORAPP has been operating its Web Application Firewall (WAF) solution for 14 years on 3,000 sites. This provides comprehensive vulnerability information based on a vast amount of data about web attacks, the most important attack information in threat intelligence. Web vulnerability intelligence includes a variety of situational properties, including risk scores, affected products, and patch availability and utilization. Threat-related big data is produced with NVD (National Vulnerability Database), other security solutions, and crawling technologies.
3. Significant, currently active threat information through total correlation analysis
The data in ‘AICC’ is thoroughly verified and analyzed to identify causal relationships and correlations among various seemingly different indicators. Much of the data is analyzed globally to discover the threat information that is currently active and to sort out only the significant threat information that is currently available.
4. Defense against unknown threats through machine-learning-based big data analysis
AICC’s machine learning engine discovers even unknown threats, because machine learning based on big data can identify anomalous threats that cannot be predicted by profiling.
5. Real-time automated data collection, Data feed, Virtual Patching
All of this real-time data is gathered in the cloud. The aggregated and analyzed information is then updated to each solution in real time. In other words, ‘AICC’ has an automated data feed system. Data that has been accumulated and normalized on the platform is filtered, analyzed, scored, and self-strengthened, then processed into appropriate data forms. The various forms of intelligence deliverables are updated in security solutions via the RESTful API. Updates for threat vulnerabilities are also applied automatically.
6. Self-Developed and Self-Operated Threat Intelligence Platform
‘AICC’ is a threat intelligence platform developed and operated by MONITORAPP itself. Threat intelligence services purchased separately can bring integration problems, inconvenience caused by further development, and operational difficulties. When you select a MONITORAPP security solution, threat intelligence from AICC is applied immediately. AICC is continuously developed and operated in a form optimized for MONITORAPP products.