WHAT IS AUTOMATED CYBER THREAT INTELLIGENCE?
Evolve Security Automation makes it easy for organizations and security teams to gain access to the latest threats with over 350 Cyber Threat Intelligence feeds freely available from the Evolve Marketplace. These cover the major threats to your business including:
- Ransomware and C2 Intelligence
- Spam and Phishing Intelligence
- TOR and Open Proxy Intelligence
- Attacks and Brute-Force Intelligence
- DDoS Intelligence
- Gaming, Torrent and Bitcoin Nodes Intelligence
The ability to automatically integrate Cyber Threat Intelligence into your security infrastructure for proactive protection is now seamless with Evolve, including native integration with the Evolve “Automated DNS Sinkhole Breach Detection” and the “Automated Syslog Breach Detection” solutions.
Evolve also enhances your security automation capabilities by natively integrating Cyber Threat Intelligence into your Evolve “Automated Penetration Testing” and “Automated Incident Response” solutions for enhanced breach detection and analysis.
Sharing Cyber Threat Intelligence, both privately and publicly, can now be performed within a few clicks. Your business and your industry partners can now automatically gain the benefits of industry-specific Cyber Threat Intelligence through automated sharing and integration with your security solutions for proactive contextual breach detection and prevention.
Evolve automatically increases the intelligence of your organization to help ensure that you stay on top of the latest threats, attacks and security breaches to keep your business safe.
Automated Cyber Threat Intelligence feeds are available in the Evolve Marketplace. Simply import these automation workflows into your Evolve Account to enhance your security capabilities.
Automated Cyber Threat Intelligence Integration
Private Cyber Threat Intelligence Sharing
Public Cyber Threat Intelligence Sharing
Evolve Intelligence Manager
Evolve Intelligence Gateways
Automated Ransomware Intelligence
Automated Command and Control Intelligence
Automated Phishing Intelligence
Automated Spam Intelligence
Automated TOR Exit Node Intelligence
Automated Open Proxy Intelligence
Automated Web Attacks Intelligence
Automated DDoS Bot Intelligence
Automated Brute-Force Intelligence
Automated Gaming Server Intelligence
Automated Torrent Intelligence
Automated Bitcoin Nodes Intelligence
Custom Cyber Threat Intelligence Integration
Automated Evolve Dashboard Integration
Automated Evolve Agent Integration
FLEXIBLE SUBSCRIPTION PRICING
Evolve enables you to maximize your security budget by providing complimentary access to hundreds of Cyber Threat Intelligence feeds. Simply import the Cyber Threat Intelligence workflows from the Evolve Marketplace to enhance your security capabilities.
Complimentary Subscriptions. Only usage billing applies.
OPTIMISE YOUR COSTS WITH USAGE-BASED BILLING
Importing workflows and modules from the Evolve Marketplace incurs a once-off usage charge per import to orchestrate your new capabilities.
SECURITY ZONE USAGE
Evolve transparently optimizes usage charges related to the scaling of Security Zone infrastructure and storage in real time.
Evolve Workflow usage occurs when launching new workflows to orchestrate and chain your security automation modules and data.
Evolve Modules are stored and executed on demand and in real time, which incurs usage. Optimize usage by reducing module executions.
When storing and transferring data within Evolve Containers, usage charges can be optimized by compressing or expiring data.
Generating and storing Evolve Dashboards incurs usage to enable populating chart data from within Evolve Containers.
Evolve Event usage enables you to keep track of all of the security automation actions and events within your accounts.
FREQUENTLY ASKED QUESTIONS
WHAT IS AUTOMATED CYBER THREAT INTELLIGENCE?
Evolve provides you with immediate access to over 350 Cyber Threat Intelligence feeds, ranging from Ransomware to Phishing to Denial of Service intelligence.
These Evolve Cyber Threat Intelligence workflows are freely available from the Evolve Marketplace and can natively integrate with your security infrastructure, as well as your Evolve Security Automation workflows including “Automated Penetration Testing”, “Automated Incident Response” and “Orchestrated Security Infrastructure”.
Within minutes, you can use the latest malicious domains to automatically detect attempts to access unwanted or malicious websites, or connections from malware to its Command & Control systems, for automated security breach detection.
HOW DO I GET STARTED?
The first step is to register for an Evolve Account. You will then have access to the Evolve Marketplace where you can review the various Cyber Threat Intelligence workflows. Simply import these automation workflows into your Evolve Account to add this capability to your business.
You can follow the Getting Started Guide to then launch your first Automated Cyber Threat Intelligence workflow instance. The Cyber Threat Intelligence data will then automatically be imported into your Evolve account on a regular basis to help ensure your systems remain protected against the latest threats, attacks and security breaches.
HOW DO I AUTOMATICALLY INTEGRATE EVOLVE CYBER THREAT INTELLIGENCE?
Evolve Cyber Threat Intelligence workflows automatically collect, parse and transform your corresponding intelligence data, which can seamlessly integrate with your other Evolve Security Automation workflows.
The Evolve Cyber Threat Intelligence workflows include an “Intelligence Manager Module” that regularly collects and parses the corresponding intelligence feeds. This intelligence is then automatically passed through an “Evolve Data Gateway” that manages, sorts and expires aggregated intelligence data originating from multiple Cyber Threat Intelligence workflows. The resulting intelligence data is saved out into an Evolve Container.
Every Evolve Security Automation workflow that supports Cyber Threat Intelligence integration has an “Intelligence Input Container”. To integrate the collected Cyber Threat Intelligence data into the Evolve workflow, all you need to do is have the intelligence data saved into the “Intelligence Input Container”. The Evolve workflow will automatically collect the latest intelligence data from its “Intelligence Input Container” and use it within the workflow.
This process allows you to automatically enhance your “Automated Penetration Testing”, “Automated Incident Response” and “Orchestrated Security Infrastructure” with customizable Cyber Threat Intelligence for automated breach detection and prevention.
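The collect-and-parse stage followed by the manage, sort and expire stage described above can be sketched as follows. This is an added illustration, not Evolve's code: the one-indicator-per-line feed format, the record fields, the seven-day expiry and all sample values are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

def parse_feed(text, category, seen_at):
    """Parse a plain-text feed: one indicator per line, '#' starts a comment."""
    records = []
    for line in text.splitlines():
        # Normalise case and a trailing DNS root dot so duplicates collapse later.
        value = line.split("#", 1)[0].strip().lower().rstrip(".")
        if value:
            records.append({"indicator": value, "category": category,
                            "last_seen": seen_at})
    return records

def aggregate(batches, now, max_age=timedelta(days=7)):
    """Merge feeds: dedupe by indicator, union categories, keep the newest
    sighting, expire entries older than max_age, return sorted by indicator."""
    merged = {}
    for batch in batches:
        for rec in batch:
            entry = merged.setdefault(rec["indicator"], {
                "indicator": rec["indicator"], "categories": set(),
                "last_seen": rec["last_seen"]})
            entry["categories"].add(rec["category"])
            entry["last_seen"] = max(entry["last_seen"], rec["last_seen"])
    fresh = [e for e in merged.values() if now - e["last_seen"] <= max_age]
    for e in fresh:
        e["categories"] = sorted(e["categories"])
    return sorted(fresh, key=lambda e: e["indicator"])

# Constructed sample feeds (reserved example domains, not real indicators).
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
C2_FEED = "# constructed C2 feed\nc2.example.net\nBad.Example.org.\n"
PHISHING_FEED = "bad.example.org  # also seen in phishing\nlogin.example.com\n"
STALE_RANSOMWARE_FEED = "old.example.net\nc2.example.net\n"

def build_container():
    """Run both stages over the constructed feeds and return the merged data."""
    batches = [
        parse_feed(C2_FEED, "c2", NOW - timedelta(days=1)),
        parse_feed(PHISHING_FEED, "phishing", NOW - timedelta(days=2)),
        parse_feed(STALE_RANSOMWARE_FEED, "ransomware", NOW - timedelta(days=21)),
    ]
    return aggregate(batches, NOW)

if __name__ == "__main__":
    for entry in build_container():
        print(entry["indicator"], entry["categories"], entry["last_seen"].date())
```

An indicator that appears only in the stale feed is expired, while one that also appears in a recent feed is kept with its categories merged and its newest sighting time.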
GETTING STARTED WITH AUTOMATED CYBER THREAT INTELLIGENCE
STEP 1: REGISTER AN EVOLVE ACCOUNT
Congratulations on deciding to mature and streamline your security capabilities and maximize your security budgets. Your first step is to simply Register an Evolve Account using the Register button on the Evolve website.
STEP 2: LOGIN TO YOUR EVOLVE ACCOUNT
Now that you have an Evolve Account, log in using the Sign-In button on the Evolve website. This will take you to the Evolve welcome screen.
STEP 3: SETUP YOUR EVOLVE BILLING
Evolve subscriptions and usage-based bills are charged via credit card.
- Set up your payment method via the Billing feature located under your Profile Menu towards the top right-hand corner of your Evolve Account.
- Select the “Add Payment Method” button, which will load the Evolve Secure Payment Gateway page where you can add your credit card details.
- As part of our fraud-prevention controls, your credit card will be charged a nominal amount that you need to enter to verify your credit card before it can be used for payments.
Your Evolve Account is now set up and you are ready to mature your security.
STEP 4: SELECT YOUR EVOLVE REGION
Evolve is a specialist security automation cloud with globally distributed infrastructure. This enables geographic security controls, allowing you to keep your data and processing within the geographical regions aligned to your business needs.
- Select your Evolve Region in the top right-hand corner of your Evolve Account.
Any actions you take will occur within your selected Evolve Region.
STEP 5: IMPORT WORKFLOW FROM THE EVOLVE MARKETPLACE
The Evolve Cyber Threat Intelligence workflows are freely available in the Evolve Marketplace. Simply import the workflows into your Evolve Account with the following steps.
- To get to the Evolve Marketplace, navigate to the Marketplace side-menu.
- Whilst in the Evolve Marketplace, locate these services by either selecting the “Intelligence” category and browsing through the available workflows, or by searching for the keyword “intelligence”.
- Click on the corresponding marketplace item to review the overview of the workflow, workflow usage and any pricing information.
- Click the Import button and step through the import steps.
- You will then be redirected to the Imports page.
- You may need to use the Reload button to see your newly imported workflow.
Once the import status changes from “Pending” to “Available” you have successfully imported this security automation workflow and added this specialist security capability to your business.
STEP 6: LAUNCH YOUR SECURITY ZONES
Evolve Security Zones are isolated environments that provide scalable compute and storage to execute your Evolve Workflows. Security Zones can be launched in different configurations for different purposes.
Since we are launching a workflow that will run standard automation modules we are going to launch the following type of Security Zone:
- Scalable Security Zone to provide us with a generic scalable security zone for processing arbitrary modules, such as Cyber Threat Intelligence collection, transformation and aggregation, as well as Dashboard chart generation.
If you already have a general purpose Security Zone, then you can skip this step.
We will launch the Scalable Automation Security Zone:
- Select the Security Zones side menu item and click the New Security Zone button.
- Set a useful name for your Security Zone, such as “Automation_Security_Zone”.
- Click the Next button, which will take you to the Security Zone Size page.
- Select a “Medium” sized Security Zone for our use-case, which should be sufficient for most use cases. The size of your Security Zone will actually be defined by your specific use-case. For larger organizations, or for Security Zones that will support multiple workflows with large data processing, then a Large or Extra Large Security Zone may be selected.
- Click the Next button to go through to the Configuration page where it allows you to specify the settings of your Security Zone.
- Leave the Volume Size as the default value for our use-case, which should be sufficient for most use cases. The Volume Size is the size of your Security Zone cluster nodes’ disks used to temporarily store your module data during processing. Larger data processing may require increasing the Volume Size to 50 GB or 100 GB for assurance purposes.
- Select the Scalable setting. The Scalable setting configures the Security Zone to automatically scale up and down to optimize processing and usage costs.
- The NAT Gateway can be left blank since we don’t need a static outbound public IP address.
- The VPN Gateway can be left blank since this workflow does not need to access your organization’s internal systems.
- Click the Next button.
- Review your settings.
- Click the Create button.
This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes. You should wait for the Security Zone state to change from “Pending” to “Available”.
STEP 7: LAUNCH A WORKFLOW INSTANCE
You have imported your Automated Cyber Threat Intelligence workflow and have set up your Evolve Security Zone. You now need to launch a Workflow Instance to orchestrate your automated Cyber Threat Intelligence collection and integration.
- Select the Workflows side menu item to list your available workflows.
- Locate the “Create Instance” button alongside your Automated Cyber Threat Intelligence workflow.
- Set a useful name for your workflow instance.
- Click the Next button, which will take you to the Parameters page where you provide your workflow settings.
Enter the following information within the parameters that will be used to orchestrate your Automated Cyber Threat Intelligence solution:
- Leave the “Output Container” not selected since Evolve will orchestrate this automatically. You can then launch other Evolve workflows that use this Evolve Container as their Intelligence Input Container.
- Click the Next button to go to the Configuration page where you select the default location where your generic modules will be executed.
- Select the “Automation Security Zone” that you created for this workflow.
- Leave the Agent and Agent Device not selected since we do not want this workflow to be orchestrated via an Evolve Agent.
- Click the Next button.
- Review your settings.
- Click the Create button.
This will automatically orchestrate your Cyber Threat Intelligence workflow instance, including all Module Instances and Containers, using the settings that you specified for your solution.
You should wait for the Workflow Instance state to change from “Pending” to “Available”.
STEP 8: REVIEW YOUR EVOLVE INTELLIGENCE CONTAINER
Once your Cyber Threat Intelligence feed has successfully executed and completed for the first time, you can review your Cyber Threat Intelligence data in the Output Container for the workflow instance.
- Select the Containers side menu item to list your available Evolve Containers.
- Locate and click the “View” button alongside your Cyber Threat Intelligence Output Container.
- Locate and click the “View” button alongside your latest Cyber Threat Intelligence data file to preview the results.
- To download this file, locate the “Download” button alongside your latest Cyber Threat Intelligence data file.
You now have ongoing Cyber Threat Intelligence that you can use to improve your detection and prevention of threats, attacks and security breaches.