
AUTOMATED CYBER THREAT INTELLIGENCE

WHAT IS AUTOMATED CYBER THREAT INTELLIGENCE?

 

Evolve Security Automation makes it easy for organizations and security teams to gain access to the latest threats with over 350 Cyber Threat Intelligence feeds freely available from the Evolve Marketplace. These cover the major threats to your business including:

  • Ransomware and C2 Intelligence
  • Spam and Phishing Intelligence
  • TOR and Open Proxy Intelligence
  • Attacks and Brute-Force Intelligence
  • DDoS Intelligence
  • Gaming, Torrent and Bitcoin Nodes Intelligence

The ability to automatically integrate Cyber Threat Intelligence into your security infrastructure for proactive protection is now seamless with Evolve, including native integration with the Evolve “Automated DNS Sinkhole Breach Detection” and the “Automated Syslog Breach Detection” solutions.

Evolve also enhances your security automation capabilities by natively integrating Cyber Threat Intelligence into your Evolve “Automated Penetration Testing” and “Automated Incident Response” solutions for enhanced breach detection and analysis.

Sharing Cyber Threat Intelligence, both privately and publicly, can now be performed within a few clicks. Your business and your industry partners can now automatically gain the benefits of industry-specific Cyber Threat Intelligence through automated sharing and integration with your security solutions for proactive contextual breach detection and prevention.

Evolve automatically increases the intelligence of your organization to help ensure that you stay on top of the latest threats, attacks and security breaches to keep your business safe.


EVOLVE MARKETPLACE

Automated Cyber Threat Intelligence feeds are available in the Evolve Marketplace. Simply import these automation workflows into your Evolve Account to enhance your security capabilities.

GET STARTED

Our Getting Started Guide will step you through importing and launching your first Automated Cyber Threat Intelligence feeds. Enhance your specialist security capabilities now.

FEATURES

Automated Cyber Threat Intelligence Integration

Private Cyber Threat Intelligence Sharing

Public Cyber Threat Intelligence Sharing

Evolve Intelligence Manager

Evolve Intelligence Gateways

Automated Ransomware Intelligence

Automated Command and Control Intelligence

Automated Phishing Intelligence

Automated Spam Intelligence

Automated TOR Exit Node Intelligence

Automated Open Proxy Intelligence

Automated Web Attacks Intelligence

Automated DDoS Bot Intelligence

Automated Brute-Force Intelligence

Automated Gaming Server Intelligence

Automated Torrent Intelligence

Automated Bitcoin Nodes Intelligence

Custom Cyber Threat Intelligence Integration

Automated Evolve Dashboard Integration

Automated Evolve Agent Integration

FLEXIBLE SUBSCRIPTION PRICING

 

Evolve enables you to maximize your security budget by providing complimentary access to hundreds of Cyber Threat Intelligence feeds. Simply import the Cyber Threat Intelligence workflows from the Evolve Marketplace to enhance your security capabilities.

 

Complimentary Subscriptions. Only usage billing applies.

OPTIMISE YOUR COSTS WITH USAGE-BASED BILLING

IMPORT USAGE

Importing workflows and modules from the Evolve Marketplace incurs a once-off usage charge per import to orchestrate your new capabilities

SECURITY ZONE USAGE

Evolve transparently optimizes usage charges related to the scaling of Security Zone infrastructure and storage in real-time

WORKFLOW USAGE

Evolve Workflow usage occurs when launching new workflows to orchestrate and chain your security automation modules and data

MODULE USAGE

Evolve Modules are stored and executed on demand and in real time, which incurs usage. Optimize usage by reducing module executions

CONTAINER USAGE

When storing and transferring data within Evolve Containers, usage charges can be optimized by compressing or expiring data

DASHBOARD USAGE

Generating and storing Evolve Dashboards incurs usage to enable populating chart data from within Evolve Containers

EVENT USAGE

Evolve Event usage enables you to keep track of all of the security automation actions and events within your accounts

FREQUENTLY ASKED QUESTIONS

WHAT IS AUTOMATED CYBER THREAT INTELLIGENCE?

Evolve provides you with immediate access to over 350 Cyber Threat Intelligence feeds, ranging from Ransomware to Phishing to Denial of Service intelligence.

These Evolve Cyber Threat Intelligence workflows are freely available from the Evolve Marketplace and can natively integrate with your security infrastructure, as well as your Evolve Security Automation workflows including “Automated Penetration Testing”, “Automated Incident Response” and “Orchestrated Security Infrastructure”.

Within minutes, you can automatically detect attempts to access unwanted or malicious websites using the latest malicious domains or connections from malware to their Command & Control systems for automated security breach detection.

HOW DO I GET STARTED?

The first step is to register for an Evolve Account. You will then have access to the Evolve Marketplace where you can review the various Cyber Threat Intelligence workflows. Simply import these automation workflows into your Evolve Account to add this capability to your business.

You can follow the Getting Started Guide to then launch your first Automated Cyber Threat Intelligence workflow instance. The Cyber Threat Intelligence data will then automatically be imported into your Evolve account on a regular basis to help ensure your systems remain protected against the latest threats, attacks and security breaches.  

HOW DO I AUTOMATICALLY INTEGRATE EVOLVE CYBER THREAT INTELLIGENCE?

Evolve Cyber Threat Intelligence workflows automatically collect, parse and transform your corresponding intelligence data, which can seamlessly integrate with your other Evolve Security Automation workflows.

The Evolve Cyber Threat Intelligence workflows include an “Intelligence Manager Module” that regularly collects and parses the corresponding intelligence feeds. This intelligence is then automatically passed through an “Evolve Data Gateway” that manages, sorts and expires aggregated intelligence data originating from multiple Cyber Threat Intelligence workflows. The resulting intelligence data is saved out into an Evolve Container.

Every Evolve Security Automation workflow that supports Cyber Threat Intelligence integration has an “Intelligence Input Container”. To integrate the collected Cyber Threat Intelligence data into the Evolve workflow, all you need to do is have the intelligence data saved into the “Intelligence Input Container”. The Evolve workflow will automatically collect the latest intelligence data from its “Intelligence Input Container” and use it within the workflow.

This process allows you to automatically enhance your “Automated Penetration Testing”, “Automated Incident Response” and “Orchestrated Security Infrastructure” with customizable Cyber Threat Intelligence for automated breach detection and prevention.

GETTING STARTED WITH
AUTOMATED CYBER THREAT INTELLIGENCE

STEP 1: REGISTER AN EVOLVE ACCOUNT

Congratulations on deciding to mature and streamline your security capabilities and maximize your security budgets. Your first step is to simply Register an Evolve Account using the Register button on the Evolve website.

STEP 2: LOG IN TO YOUR EVOLVE ACCOUNT

Now that you have an Evolve Account, log in using the Sign-In button on the Evolve website. This will take you to the Evolve welcome screen.
 

STEP 3: SET UP YOUR EVOLVE BILLING

Evolve subscriptions and usage-based bills are charged via credit card.

  • Set up your payment method via the Billing feature located under your Profile Menu towards the top right-hand corner of your Evolve Account.
  • Select the “Add Payment Method” button, which will load the Evolve Secure Payment Gateway page where you can add your credit card details.
  • As part of our fraud-prevention controls, your credit card will be charged a nominal amount that you need to enter to verify your credit card before it can be used for payments.

Your Evolve Account is now set up and you are ready to mature your security.
  

STEP 4: SELECT YOUR EVOLVE REGION

Evolve is a specialist security automation cloud with globally distributed infrastructure. This enables geographic security controls, allowing you to keep your data and processing within the geographical regions aligned to your business needs.

  • Select your Evolve Region in the top right-hand corner of your Evolve Account.

Any actions you take will occur within your selected Evolve Region.
  

STEP 5: IMPORT WORKFLOW FROM THE EVOLVE MARKETPLACE

The Evolve Cyber Threat Intelligence workflows are freely available in the Evolve Marketplace. Simply import the workflows into your Evolve Account with the following steps.

  • To get to the Evolve Marketplace, navigate to the Marketplace side-menu.
  • Whilst in the Evolve Marketplace, locate these services by either selecting the “Intelligence” category and browsing through the available workflows, or by searching for the keyword “intelligence”.
  • Click on the corresponding marketplace item to review the overview of the workflow, workflow usage and any pricing information.
  • Click the Import button and step through the import steps.
  • You will then be redirected to the Imports page.
  • You may need to use the Reload button to see your newly imported workflow.

Once the import status changes from “Pending” to “Available” you have successfully imported this security automation workflow and added this specialist security capability to your business.
  

STEP 6: LAUNCH YOUR SECURITY ZONES

Evolve Security Zones are isolated environments that provide scalable compute and storage to execute your Evolve Workflows. Security Zones can be launched in different configurations for different purposes.

Since we are launching a workflow that will run standard automation modules we are going to launch the following type of Security Zone:

  • Scalable Security Zone to provide us with a generic scalable security zone for processing arbitrary modules, such as Cyber Threat Intelligence collection, transformation and aggregation, as well as Dashboard chart generation. 

If you already have a general purpose Security Zone, then you can skip this step.

We will launch the Scalable Automation Security Zone:

  • Select the Security Zones side menu item and click the New Security Zone button.
  • Set a useful name for your Security Zone, such as “Automation_Security_Zone”.
  • Click the Next button, which will take you to the Security Zone Size page.
  • Select a “Medium” sized Security Zone for our use-case, which should be sufficient for most use cases. The size of your Security Zone will actually be defined by your specific use-case. For larger organizations, or for Security Zones that will support multiple workflows with large data processing, a Large or Extra Large Security Zone may be selected.
  • Click the Next button to go through to the Configuration page where it allows you to specify the settings of your Security Zone.
  • Leave the Volume Size as the default value for our use-case, which should be sufficient for most use cases. The Volume Size is the size of your Security Zone cluster nodes’ disks used to temporarily store your module data during processing. Larger data processing may require increasing the Volume Size to 50 GB or 100 GB for assurance purposes.
  • Select the Scalable setting. The Scalable setting configures the Security Zone to automatically scale up and down to optimize processing and usage costs. 
  • The NAT Gateway can be left blank since we don’t need a static outbound public IP address.
  • The VPN Gateway can be left blank since this workflow does not need to access your organization’s internal systems.
  • Click the Next button.
  • Review your settings
  • Click the Create button. 

This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes. You should wait for the Security Zone state to change from “Pending” to “Available”.
   

STEP 7: LAUNCH A WORKFLOW INSTANCE

You have imported your Automated Cyber Threat Intelligence workflow and have set up your Evolve Security Zone. You now need to launch a Workflow Instance to orchestrate your automated Cyber Threat Intelligence collection and integration.

  • Select the Workflows side menu item to list your available workflows.
  • Locate the “Create Instance” button alongside your Automated Cyber Threat Intelligence workflow.
  • Set a useful name for your workflow instance.
  • Click the Next button, which will take you to the Parameters page where you provide your workflow settings.

Enter the following information within the parameters that will be used to orchestrate your Automated Cyber Threat Intelligence solution:

  • Leave the “Output Container” not selected since Evolve will orchestrate this automatically. You can then launch other Evolve workflows that use this Evolve Container as their Intelligence Input Container.
  • Click the Next button to go to the Configuration page where you select the default location where your generic modules will be executed.
  • Select the “Automation Security Zone” that you created for this workflow.
  • Leave the Agent and Agent Device not selected since we do not want this workflow to be orchestrated via an Evolve Agent.
  • Click the Next button
  • Review your settings
  • Click the Create button. 

This will automatically orchestrate your Cyber Threat Intelligence workflow instance, including all Module Instances and Containers, using the settings that you specified for your solution.

You should wait for the Workflow Instance state to change from “Pending” to “Available”.
 

STEP 8: REVIEW YOUR EVOLVE INTELLIGENCE CONTAINER

Once your Cyber Threat Intelligence feed has successfully executed and completed for the first time, you can review your Cyber Threat Intelligence data in the Output Container for the workflow instance.

  • Select the Containers side menu item to list your available Evolve Containers.
  • Locate and click the “View” button alongside your Cyber Threat Intelligence Output Container.
  • Locate and click the “View” button alongside your latest Cyber Threat Intelligence data file to preview the results.
  • To download this file, locate the “Download” button alongside your latest Cyber Threat Intelligence data file.

 You now have ongoing Cyber Threat Intelligence that you can use to improve your detection and prevention of threats, attacks and security breaches.

SECURITY BUDGET
OPTIMISATION WITH EVOLVE


© Threat Intelligence Pty Ltd | info@threatintelligence.com | 1300 809 437
Register Account | Terms of Use | Privacy Policy
