Threat intelligence on demand with Datalake

Cybercriminals are becoming increasingly sophisticated and using multiple attack vectors, which makes threat intelligence critical for organizations wanting to establish a strong security posture. Datalake, the Orange Cyberdefense threat intelligence-as-a-service offering, makes it easy for all organizations to access the latest verified threat data.

It is a huge challenge for organizations to defend against every type of threat, but accurate and timely threat intelligence can help them better assess the risks they are up against. Threat intelligence can also measure the credibility of possible attacks to reduce the number of security alerts IT teams face, so that they are fully prepared to mitigate genuine attacks.

Defending against cyberattacks alone is becoming increasingly difficult, which is why many organizations are reaching out to external sources for threat intelligence. According to Ponemon’s 2019 report on cyber intelligence, 85 percent of respondents now rate threat intelligence as highly important to security operations.

The Ponemon report, however, found that data volumes continue to put a huge strain on organizations’ threat detection capabilities. This is down to excessive internal traffic, too many threat indicators to track, too many false positives being thrown up and a lack of historical data to perform investigations. While 70 percent of respondents said they believe it is difficult to prioritize malicious activity without threat intelligence, 68 percent said they find the threat intelligence they have too voluminous and complex.

Orange Cyberdefense Datalake has been developed to deliver an integrated tool that allows organizations to see what is being detected by threat intelligence services around the world. It presents relevant information in a format that eases the analysis of indicators of compromise (IoC), providing risk scores given by our security experts to facilitate decision making.

Datalake provides indicator of compromise (IoC) feeds drawn from multiple sources and correlated, consolidated and centralized by our platform.

The IoCs are available through both:

  • A user-friendly web portal and powerful search tool with various filters that can enable deep threat investigation
  • An application programming interface (API) that allows smooth integration of the contextualized data (scoring, time, target) with an organization’s current security equipment

The Datalake solution plugs into the Orange Cyberdefense proprietary threat intelligence database, which builds a comprehensive real-time picture of threats from public and closed sources worldwide, as well as our own internal threat data feeds.

Examples of sources can include insights from the Orange tier-1 operator Internet backbone, Orange Cyberdefense feeds, open-source threat intelligence feeds, customers and partners.

Threat intelligence-as-a-service

Customers relying on an in-house or third-party managed SOC can now leverage this intelligence through the Datalake threat intelligence SaaS solution. This optimized and scalable solution is based on a big data architecture and hosted in Orange Cyberdefense data centers.

Datalake has been designed specifically to be easy to deploy and requires no settings, installation or capex investment. Our offer includes two hours of training that covers all the functionalities a threat intelligence expert will need.

Datalake offers standard indicator types such as domains, FQDNs, IP addresses and URLs, and goes a step further by proposing additional data types such as email addresses, pasties, file hashes, malware signatures, registry keys and finance-related data such as IBAN numbers.

All the data is analyzed and scored by Datalake, so users can choose the intelligence level they want: if they only need critical information, they can choose to see just that. In this way, organizations receive the data they need, which can be complemented by a broad attack picture. In addition, customers can monitor for certain keywords in given time frames, such as every hour. They can put a search result or a threat under surveillance and be alerted if the indicator’s score changes. If customers have their own threat intelligence teams, they can incorporate their own sources into Datalake and manage confidentiality levels.
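As an added illustration of the three behaviours just described (selecting an intelligence level, alerting on an indicator's score change, and watching a keyword), the following Python snippet was written for this page; it is not Orange Cyberdefense code and does not use the Datalake API. The record layout, the 0-100 score, the level thresholds and the sample indicators are all assumptions constructed here.

```python
"""Level selection, score-change surveillance and keyword watching over IoC records.

Added example, not Orange Cyberdefense code and not the Datalake API.  The record
layout, the 0-100 score, the level thresholds and the sample snapshots below are
assumptions made to illustrate the behaviour described in the text.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Ioc:
    kind: str                   # e.g. "ip", "domain", "url", "hash"
    value: str
    score: int                  # assumed 0-100 risk score
    tags: Tuple[str, ...] = ()  # free-form context labels


# Assumed level thresholds (not Datalake's): "critical" keeps only the top band.
LEVELS = {"critical": 80, "high": 60, "medium": 40, "all": 0}


def select_level(records: Iterable[Ioc], level: str) -> List[Ioc]:
    """Keep only indicators scored at or above the chosen level."""
    threshold = LEVELS[level]
    return [r for r in records if r.score >= threshold]


def score_changes(before: Iterable[Ioc], after: Iterable[Ioc]) -> List[Tuple[str, str, int, int]]:
    """Diff two feed snapshots keyed by (kind, value).

    Returns (kind, value, old_score, new_score) for every indicator present in
    both snapshots whose score moved; new indicators are not reported here.
    """
    old = {(r.kind, r.value): r.score for r in before}
    changes = []
    for r in after:
        key = (r.kind, r.value)
        if key in old and old[key] != r.score:
            changes.append((r.kind, r.value, old[key], r.score))
    return changes


def keyword_hits(records: Iterable[Ioc], keyword: str) -> List[Ioc]:
    """Case-insensitive match of a watched keyword against indicator value and tags."""
    kw = keyword.lower()
    return [r for r in records
            if kw in r.value.lower() or any(kw in t.lower() for t in r.tags)]


# Constructed sample snapshots taken one polling interval apart (placeholder
# values from documentation ranges, not real indicators).
SNAPSHOT_T0 = [
    Ioc("ip", "203.0.113.10", 85, ("scanner",)),
    Ioc("domain", "example-phish.invalid", 55, ("phishing", "bank")),
    Ioc("hash", "0" * 64, 30, ("sample",)),
]
SNAPSHOT_T1 = [
    Ioc("ip", "203.0.113.10", 85, ("scanner",)),
    Ioc("domain", "example-phish.invalid", 90, ("phishing", "bank")),  # re-scored
    Ioc("hash", "0" * 64, 30, ("sample",)),
    Ioc("url", "http://example-phish.invalid/login", 75, ("phishing",)),  # new
]


def surveillance_report(before: Iterable[Ioc], after: Iterable[Ioc],
                        level: str = "critical", keyword: str = "bank") -> dict:
    """One polling cycle: what to show at the chosen level, what changed, what matched."""
    after = list(after)
    return {
        "level_selection": [r.value for r in select_level(after, level)],
        "score_changes": score_changes(before, after),
        "keyword_hits": [r.value for r in keyword_hits(after, keyword)],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(surveillance_report(SNAPSHOT_T0, SNAPSHOT_T1), indent=2))
```

Running the module prints the report for the constructed snapshots: the "critical" view drops the low-scored hash and the new 75-point URL, the score diff flags the phishing domain that moved from 55 to 90, and the keyword watch for "bank" matches that same domain through its tag. In a real deployment the two snapshots would be successive feed pulls and the report would feed an alerting channel rather than stdout.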

Modern cyber landscape

The growth in the number and complexity of threats has produced a jump in the threat intelligence offerings available on the market, each with different services and promises. With access to the Orange tier-1 operator Internet backbone and a large team of cyber experts, we can provide threat intelligence through Datalake that organizations simply can’t get anywhere else.

Due to shortages of skills, expertise and resources, many organizations don’t want to manage the innate complexity that comes with many threat intelligence offerings, but they understand the value of such knowledge in the current threat climate.

Datalake takes the heavy lifting out of sourcing threat intelligence, providing an easy-to-understand and efficient service that can help any organization protect its valuable assets.

Orange Cyberdefense has been helping a large European bank with threat intelligence. Watch this video to find out how.

Aymerick Dumas

I spent more than 10 years consulting for French and international companies. The objective was always the same: analyze, understand and summarize their needs. I am now in charge of defining and implementing our global strategy within the Orange Cyberdefense marketing team to help customers secure their industrial environments and their IoT projects.