{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"implementationDetail":{"description":{"en":"Description","ru":"Описание","_type":"localeString"},"status":{"ru":"Статус","_type":"localeString","en":"Status"},"show":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"details":{"ru":"Подробности","_type":"localeString","en":"Details"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"additional-info":{"_type":"localeString","en":"Additional information","ru":"Дополнительная информация"},"project-was-put":{"ru":"Проект был сдан в срок","_type":"localeString","en":"The project has been delivered on schedule"},"budget-not-exceeded":{"en":"The budget has not been exceeded","ru":"Бюджет не был превышен","_type":"localeString"},"functionally-task-assignment":{"en":"Functionality complies with task","ru":"Функциональность соответствует задаче","_type":"localeString"},"similar-implementations":{"en":"Similar deployments","ru":"Схожие внедрения","_type":"localeString"},"source":{"_type":"localeString","en":"Source:","ru":"Источник:"},"price":{"en":"Price: ","ru":"Цена:","_type":"localeString"},"pluses":{"en":"Advantages","ru":"Плюсы","_type":"localeString"},"raiting":{"_type":"localeString","en":"Raiting","ru":"Общая 
оценка"},"user":{"ru":"Пользователь","_type":"localeString","en":"User"},"vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"product":{"ru":"Продукт","_type":"localeString","en":"Product"},"canceled":{"ru":"Отменено","_type":"localeString","en":"Canceled"},"deal-canceled":{"_type":"localeString","en":"Deal canceled","ru":"Сделка отменена"},"deal-closed":{"en":"Deal closed","ru":"Сделка закрыта","_type":"localeString"},"deal-in-progress":{"_type":"localeString","en":"Deal in progress","ru":"Сделка в процессе"},"deal-is-planned":{"_type":"localeString","en":"Deal is planned","ru":"Сделка планируется"},"finished":{"_type":"localeString","en":"Finished","ru":"Завершено"},"in-process":{"en":"In Process","ru":"Ведется","_type":"localeString"},"planned":{"ru":"Планируется","_type":"localeString","en":"Planned"},"proof-of-concept":{"_type":"localeString","en":"Proof of concept","ru":"Пилотный проект"},"stopped":{"_type":"localeString","en":"Stopped","ru":"Остановлено"},"date":{"ru":"Дата внедрения","_type":"localeString","en":"Deployment date"},"roi":{"en":"ROI","ru":"ROI","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. 
Please, try again later."}},"header":{"help":{"de":"Hilfe","ru":"Помощь","_type":"localeString","en":"Help"},"how":{"_type":"localeString","en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает"},"login":{"_type":"localeString","en":"Log in","de":"Einloggen","ru":"Вход"},"logout":{"_type":"localeString","en":"Sign out","ru":"Выйти"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"ru":"Мои запросы","_type":"localeString","en":"Requests","de":"References"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"en":"ROI calculators","ru":"ROI калькуляторы","_type":"localeString"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"_type":"localeString","en":"Categories","ru":"Категории"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"_type":"localeString","en":"Blog","ru":"Блог"},"agreements":{"en":"Deals","ru":"Сделки","_type":"localeString"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"ru":"Подтвердите 
удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"en":"Enter your search term","ru":"Введите поисковый запрос","_type":"localeString"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"en":"Create an avatar for the event","_type":"localeString"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"ru":"Все права защищены","_type":"localeString","en":"All rights reserved","de":"Alle rechte vorbehalten"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"de":"Infocenter","ru":"Инфоцентр","_type":"localeString","en":"Infocenter"},"tariffs":{"de":"Tarife","ru":"Тарифы","_type":"localeString","en":"Subscriptions"},"contact":{"en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с 
нами","_type":"localeString"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"de":"Produkte","ru":"Продукты","_type":"localeString","en":"Products"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"en":"Calculate the cost","de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"ru":"Salestools","_type":"localeString","en":"Salestools","de":"Salestools"},"automatization":{"_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"en":"Comparison matrix","de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString"},"b4r":{"en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference","_type":"localeString"},"our_social":{"en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString"},"subscribe":{"en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString"},"subscribe_info":{"en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"ru":"Калькулятор 
цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"en":"blog","ru":"блог","_type":"localeString"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"en":"Show form","ru":"Показать форму","_type":"localeString"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"ru":"Подписаться","_type":"localeString","en":"Subscribe"},"subscribe__email-message":{"en":"Please, enter the valid email","ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на 
рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"_type":"localeString","en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее."},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"en":"Login","ru":"Вход","_type":"localeString"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"ru":"Оставить комментарий","_type":"localeString","en":"Leave comment"},"firstname":{"ru":"Имя","_type":"localeString","en":"First name"},"lastname":{"_type":"localeString","en":"Last name","ru":"Фамилия"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"_type":"localeString","en":"Position","ru":"Должность"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"_type":"localeString","en":"Received ROI","ru":"Полученный ROI"},"saving-type":{"en":"Saving type","ru":"Тип экономии","_type":"localeString"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"_type":"localeString","en":"Your rate","ru":"Ваша оценка"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I 
agree"},"terms-of-use":{"_type":"localeString","en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}},"filters":{"from":{"_type":"localeString","en":"from","ru":"от"},"to":{"en":"to","ru":"до","_type":"localeString"},"filter-price-title":{"ru":"Фильтр по цене","_type":"localeString","en":"Filter by price"},"view-type-label":{"ru":"Вид","_type":"localeString","en":"View"},"sort-type-label":{"ru":"Сортировка","_type":"localeString","en":"Sorting"},"category":{"ru":"Категория","_type":"localeString","en":"Category"},"follow":{"en":"Follow","ru":"Следить","_type":"localeString"},"add-product":{"ru":"Добавить продукт","_type":"localeString","en":"Add Product"},"show-all":{"_type":"localeString","en":"Show all","ru":"Показать все"},"filter-toggle":{"ru":"Фильтр","_type":"localeString","en":"Filter"},"clear-button":{"ru":"Очистить","_type":"localeString","en":"Сlear"},"delivery-type-field":{"_type":"localeString","en":"Delivery type","ru":"Тип поставки"},"product-categories-field":{"ru":"категориz продуктаhjle","_type":"localeString","en":"product categories"},"providers-field":{"ru":"Поставщик, производитель","_type":"localeString","en":"Providers"},"business-tasks-field":{"en":"Business tasks","ru":"Бизнес задачи","_type":"localeString"},"problems-field":{"_type":"localeString","en":"Problems","ru":"Проблемы"},"with-discounts-checkbox":{"ru":"Со скидками","_type":"localeString","en":"With 
discounts"},"expert-price-checkbox":{"ru":"Конфигуратор","_type":"localeString","en":"Configurator"},"roi-calculator-checkbox":{"_type":"localeString","en":"ROI-calculator","ru":"ROI-калькулятор"},"apply-filter-button":{"ru":"Применить фильтр","_type":"localeString","en":"Apply filter"},"sorting-toggle":{"ru":"Сортировка","_type":"localeString","en":"Sorting"},"show-all-button":{"en":"Show all","ru":"Показать все","_type":"localeString"},"suggest-product-button":{"ru":"Предложить продукт","_type":"localeString","en":"Suggest product"},"with-projects-label":{"en":"With deployments","ru":"С внедрениями","_type":"localeString"},"bonus-4-reference":{"_type":"localeString","en":"Bonus 4 Reference","ru":"Бонус за референс"},"product-categories":{"ru":"Категории продуктов","_type":"localeString","en":"Product Categories"},"countries":{"ru":"Страны","_type":"localeString","en":"Countries"},"seller":{"ru":"Продавец","_type":"localeString","en":"Seller"},"vendors":{"ru":"Производители продуктов пользователя","_type":"localeString","en":"User products vendors"},"suppliers":{"ru":"Поставщики пользователя","_type":"localeString","en":"User suppliers"},"business-process":{"ru":"Проблемы","_type":"localeString","en":"Problems"},"business-objectives":{"_type":"localeString","en":"Business tasks","ru":"Бизнес задачи"},"branch":{"en":" Branch","ru":"Отрасль","_type":"localeString"},"users":{"_type":"localeString","en":"Users","ru":"Пользователи"},"status":{"ru":"Статус","_type":"localeString","en":"Status"},"info-source":{"en":"Info source","ru":"Информационный ресурс","_type":"localeString"},"with-reference-checkbox":{"_type":"localeString","en":"With reference","ru":"С референсами"},"show-deal-checkbox":{"_type":"localeString","en":"Show deal with noname","ru":"Показывать сделки с noname"},"roi-checkbox":{"ru":"ROI","_type":"localeString","en":"ROI"},"problems":{"_type":"localeString","en":"Problems","ru":"Проблемы"},"find":{"en":"Find","ru":"Выполнить 
поиск","_type":"localeString"},"deal-date":{"ru":"Дата","_type":"localeString","en":"Date"},"try-button":{"en":"Try AI (Beta)","ru":"Попробовать AI (Beta)","_type":"localeString"},"hide":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"company-size":{"_type":"localeString","en":"Company size","ru":"Размер компании"},"add-company":{"_type":"localeString","en":"Add company","ru":"Добавить компанию"},"add-implementation":{"en":"Add deployment","ru":"Добавить внедрение","_type":"localeString"},"sort-title-asc":{"_type":"localeString","en":"From A to Z","ru":"От А до Я"},"sort-title-desc":{"_type":"localeString","en":"From Z to A","ru":"От Я до А"},"sellers-field":{"en":"Sellers","ru":"Поставщики, Производители","_type":"localeString"},"supply-types":{"en":"Supply type","ru":"Тип поставки","_type":"localeString"},"with-comments-checkbox":{"ru":"С комментариями","_type":"localeString","en":"With comments"},"supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"user":{"ru":"Пользователь","_type":"localeString","en":"User"},"company-type":{"en":"Company type","ru":"Тип компании","_type":"localeString"},"partners-field":{"ru":" Партнеры","_type":"localeString","en":"Partners"},"customers":{"ru":"Покупатели","_type":"localeString","en":"Customers"},"product-supplier":{"_type":"localeString","en":"Product supplier","ru":"Поставщик продукта"},"product-vendor":{"_type":"localeString","en":"Product vendor","ru":"Производитель продукта"},"implementation-date":{"ru":"Дата внедрения","_type":"localeString","en":"Deployment date"},"canceled":{"ru":"Отменено","_type":"localeString","en":"Canceled"},"deal-canceled":{"ru":"Сделка отменена","_type":"localeString","en":"Deal canceled"},"deal-closed":{"en":"Deal closed","ru":"Сделка закрыта","_type":"localeString"},"deal-in-progress":{"en":"Deal in progress","ru":"Сделка в процессе","_type":"localeString"},"deal-is-planned":{"ru":"Сделка 
планируется","_type":"localeString","en":"Deal is planned"},"finished":{"en":"Finished","ru":"Завершено","_type":"localeString"},"in-process":{"en":"In Process","ru":"Ведется","_type":"localeString"},"planned":{"ru":"Планируется","_type":"localeString","en":"Planned"},"proof-of-concept":{"_type":"localeString","en":"Proof of concept","ru":"Пилотный проект"},"stopped":{"ru":"Остановлено","_type":"localeString","en":"Stopped"},"competencies":{"en":"Competencies","ru":"Компетенции","_type":"localeString"}}},"translationsStatus":{"implementationDetail":"success","filters":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"implementationDetail":{}},"pageMetaDataStatus":{"implementationDetail":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{"threatconnect-for-the-cyber-threat-response-organization":{"id":1265,"title":"ThreatConnect for the Cyber Threat Response Organization","description":"<p 
style=\"font-size: 16px; \"><span style=\"font-weight: bold; \"><span style=\"font-style: italic; \">A Cyber Threat Response Organization consisting of public and private sector members chose ThreatConnect’s Information Sharing and Analysis Organization (ISAO) and Information Sharing and Analysis Center (ISAC) edition to facilitate the sharing of important cyber threat information amongst its membership.</span></span></p>\r\n<p style=\"font-size: 16px; \"><span style=\"font-weight: bold; \">About the Organization.</span> The Organization was designed to bring together Chief Information Officers, Chief Information Security Officers and their threat analysis teams, from public sector and small to large private<br />sector organizations located in the same U.S. state, to effectively analyze critical, real-time intelligence and respond to emerging cyber threats. The goal was to give cross-industry group members the opportunity to better protect their assets, state critical infrastructure, and key resources from across the state.</p>\r\n<p style=\"font-size: 16px; \"><span style=\"font-weight: bold; \">The Problem: No Way to Safely Collect and Share Cyber Threat Information.</span> The Cyber Threat Response Organization set out to find a solution to share important threat data with its membership. 
Due to the complexity and confidential nature of cyber threats, the Organization established a list of requirements that needed to be met prior to service selection.</p>\r\n<ul><li>Private member collaboration environment</li><li>Anonymous member information sharing</li><li>Document and threat indicator storage</li><li>Membership growth scalability</li><li>Support from a leading Threat Intelligence Research Team</li><li>User-level access control</li><li>Advanced analytics</li><li>Community notifications</li><li>API access to community intelligence to develop automated actions</li></ul>\r\n<ul><li>Access to other threat intelligence communities</li></ul>\r\nThe Threat Response Organization chose the ThreatConnect ISAO edition on account of its ability to meet or exceed their criteria. The Organization assigned a staff member to develop, maintain, and lead recruiting for the ThreatConnect ISAC/ISAO group. Due to the confidential nature of some cyber threats, members are asked to accept a code of conduct, and be members of the FBI’s InfraGard Program. By carefully vetting members and asking them to agree to minimum standards to participate, the Organization ensured the membership would only consist of high-quality participants with vested interest in the state’s public and private sector business community.\r\n<hr />\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">How ThreatConnect Solved the Problem</span></p>\r\n<p class=\"align-left\">ThreatConnect’s ISAO/ISAC edition allowed the Cyber Threat Response Organization to provide a single Threat Intelligence Platform (TIP) for their membership to aggregate their threat data, analyze a complex set of indicators, and take corrective action against their adversaries. Members are able to maximize the value of their existing adversary knowledge. 
Using the various monitoring and alerting features for domain names and Whois Registrations, members are able to automatically track and be alerted to new adversary actions, rather than having to manually search for them. Once alerted, the member has the ability to act on the community-based intelligence in their network defense products.<span style=\"font-weight: bold;\"></span></p>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Main Benefits of ThreatConnect</span></p>\r\n<p class=\"align-left\">ThreatConnect allows the community members to pool their threat intelligence and their resources. Community members are seeing an improvement in the protection of their assets, key resources, and state critical infrastructure. ThreatConnect provided the ability to focus on bringing in intelligence that mattered to their state from multiple sources; automated tracking of adversary infrastructure, allowed contributions from their state community peers, and research contributed by ThreatConnect. 
This has allowed the membership to take a proactive stance against different adversaries; now having broad detection in place before they were targeted.</p>","alias":"threatconnect-for-the-cyber-threat-response-organization","roi":0,"seo":{"title":"ThreatConnect for the Cyber Threat Response Organization","keywords":"","description":"<p style=\"font-size: 16px; \"><span style=\"font-weight: bold; \"><span style=\"font-style: italic; \">A Cyber Threat Response Organization consisting of public and private sector members chose ThreatConnect’s Information Sharing and Analysis Organization (ISAO) an","og:title":"ThreatConnect for the Cyber Threat Response Organization","og:description":"<p style=\"font-size: 16px; \"><span style=\"font-weight: bold; \"><span style=\"font-style: italic; \">A Cyber Threat Response Organization consisting of public and private sector members chose ThreatConnect’s Information Sharing and Analysis Organization (ISAO) an"},"deal_info":"","user":{},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential 
","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":5842,"title":"ThreatConnect, Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/ThreatConnect.jpg","alias":"threatconnect-inc","address":"","roles":[],"description":" <span style=\"font-weight: bold;\">ThreatConnect, Inc.</span> provides industry-leading advanced threat intelligence software and services including <span style=\"font-weight: bold;\">ThreatConnect</span>, the most comprehensive Threat Intelligence Platform (TIP) on the market. <span style=\"font-weight: bold;\">ThreatConnect </span>delivers a single platform in the cloud and on-premises to effectively aggregate, analyze, and act to counter sophisticated cyber-attacks. Leveraging advanced analytics capabilities, <span style=\"font-weight: bold;\">ThreatConnect </span>offers a superior understanding of relevant cyber threats to business operations. <br />Source: https://www.linkedin.com/company/threatconnect-inc/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":1,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://threatconnect.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ThreatConnect, Inc.","keywords":"","description":" <span style=\"font-weight: bold;\">ThreatConnect, Inc.</span> provides industry-leading advanced threat intelligence software and services including <span style=\"font-weight: bold;\">ThreatConnect</span>, the most comprehensive Threat Intelligence Platform (TIP)","og:title":"ThreatConnect, Inc.","og:description":" <span style=\"font-weight: bold;\">ThreatConnect, Inc.</span> provides industry-leading advanced threat 
intelligence software and services including <span style=\"font-weight: bold;\">ThreatConnect</span>, the most comprehensive Threat Intelligence Platform (TIP)","og:image":"https://old.roi4cio.com/uploads/roi/company/ThreatConnect.jpg"},"eventUrl":""}],"products":[{"id":5890,"logo":false,"scheme":false,"title":"Threat Intelligence Platform","vendorVerified":0,"rating":"1.00","implementationsCount":1,"suppliersCount":0,"alias":"threatconnect-platform","companyTypes":[],"description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold; font-size: 16px;\">With our Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. Whether it’s Open Source data from OSINT Feeds, Blogs, or RSS Feeds; or indicators being sent from a threat intel feed provided by an ISAC or Premium Provider, we take that data and add additional context. </span></span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold; font-size: 16px;\">Robust integrations with tools like your SIEM, EDR, and firewall pull internally generated logs into ThreatConnect for further enrichment. You’re provided with a place to organize and prioritize the data so you can then use it to drive actions inside and outside of the Platform.</span></span>\r\n<span style=\"font-weight: bold; \">Agnostic and Extensible Integrations for Distributing Information to Other Security Tools</span><br />Intelligence collected within our Threat Intelligence Platform has the ability to dictate decisions being made across your technology stack. Send relevant and actionable insights from the TIP to other tools with our wide breadth of integrations and flexible Playbooks. Export Threat Intelligence Reports and share the information with other teams to help your organization stay up to date on relevant threats. 
Read more about how ThreatConnect helped a customer use relevant threat intelligence here.\r\n<span style=\"font-weight: bold; \">Dynamic Intel-driven Automation and Orchestration for Better Decision Making</span>\r\nAs additional context and associations are applied to an indicator, you are armed with intelligence that should influence decision making. But, indicators are dynamic and ever changing. And as they change, so should the processes tied to them. With ThreatConnect, intel-driven automation, orchestration, and response gives you the ability to adjust decisions on the fly based on the changes seen in the intelligence that is influencing the process. Your automated processes are made smarter with Playbooks that enable continuous dynamic decision-making.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold; font-size: 16px;\">With ThreatConnect, you are able to centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness all in one place. Make your security operations and analysts more efficient, while providing real-time insights to security leaders to make better business decisions. </span></span>\r\nWith ThreatConnect’s intelligence-driven security operations platform, your team has the ability to leverage threat intelligence, automation, and orchestration directly from one platform. Automation or orchestration informed by threat intelligence makes your pre-existing technology investments and your entire security team — including security operations and incident response — more efficient and more effective. \r\nA complete solution, ThreatConnect enables you to gain visibility into threats and understand their relevance to your organization, as well as increase efficiency with automation, task management, and orchestration. \r\nWith ThreatConnect, every member of your security team — including leadership — benefits from using the same platform. 
A centralized system of record, ThreatConnect can measure the effectiveness of your organization with cross-platform analytics and customizable dashboards.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Product Features</span></p>\r\n<ul><li>Open Source Feeds</li><li> Ingest Premium Feeds</li><li>Access to CAL™ Data</li><li>TAXII Server</li><li>ThreatConnect Intelligence Source</li><li>Custom Dashboards</li><li>Automated Email Import</li><li>Manage Incidents and Tasks</li><li>Create Threat Intelligence</li><li>Orchestration</li><li>Custom Indicator Types</li></ul>","shortDescription":"Automate the Collection of Intel From All Sources\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":9,"sellingCount":12,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Threat Intelligence Platform","keywords":"","description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold; font-size: 16px;\">With our Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. Whether it’s Open Source data from OSINT Feeds, Blog","og:title":"Threat Intelligence Platform","og:description":"<span style=\"font-style: italic;\"><span style=\"font-weight: bold; font-size: 16px;\">With our Threat Intelligence Platform (TIP), centralize the aggregation and management of threat data no matter the source. 
Whether it’s Open Source data from OSINT Feeds, Blog"},"eventUrl":"","translationId":5891,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://threatconnect.com/request-a-demo/\r\nContact: sales@softprom.com","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. 
With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. 
Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). 
A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data and send spam, and they allow the attacker to access the device and its connection. The botnet's operator can control it using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted.
The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, that multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. Ultimately, a sustained attack of this kind can take a website completely offline for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.
However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":306,"title":"Manage Risks"},{"id":6,"title":"Ensure Security and Business Continuity"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":336,"title":"Risk or Leaks of confidential information"},{"id":371,"title":"No control over the state of communication channels"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. 
By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. 
Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. 
In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. 
For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. 
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"","title":"Web-site of vendor"}},"comments":[],"references":[],"referencesCount":0,"similarImplementations":[{"id":1271,"title":"Anomali ThreatStream for Bank of Hope","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) tool as the heart of its incident response program, but when the SIEM flagged a potential problem IP address the analysts needed to spend up to a half hour confirming its reputation.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />ThreatStream offered Bank of Hope a way to sync its actionable intelligence with the organization’s SIEM tool and provide analysis with minimal effort.<br /><span style=\"font-weight: bold;\"></span>\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Reduced Mean-Time-To-Know<br />• SIEM Integration<br />• Headcount Savings<br /><span style=\"font-weight: bold;\"><br />BANK OF HOPE CHALLENGE</span>\r\nWhen the SIEM pointed to a threat indication, IT security analysts spent an inordinate amount of time looking up potential malicious IPs to confirm their current reputation. Bank of Hope had several systems in its IT environment that provided outside threat intelligence related to malicious IPs, but each of these had its own portal and its own dashboards. 
Each system provided threat intelligence, but none were intuitively embedded with the SIEM.<br />So analysts were left with a manual process that required them to look up information within each IT tool that had its own built-in threat information. With a lean staff, the bank could ill afford the kind of resource drain that looking up suspicious IPs was putting on its security operations. Staffers could take up to a half hour simply to determine whether the IP address had a known bad reputation, let alone to start acting on a potential incident once bad news was confirmed.<br /><span style=\"font-style: italic;\">“Doing the research was a strenuous process,”</span> said Arindam Bose, senior vice president and security officer for Bank of Hope. <span style=\"font-style: italic;\">“We had to go to multiple resources to understand the indication of relevance of that IP address to our environment.”</span><br />Bank of Hope needed a way to simplify the process so it could make better use of its analysts’ bandwidth to work deeper into the forensics and incident response process.<br /><br /><span style=\"font-weight: bold;\">OVERVIEW</span><br />Operating with $7.3 billion in assets, Bank of Hope is the largest Korean American bank in the nation. As a major community financial institution with 50 branches across the U.S., Bank of Hope understandably must protect itself from a range of attacks against its IT systems. To keep tabs on the numerous security controls and monitoring systems it has in place, the bank depends on its security information and event management (SIEM) system to correlate events and help its analysts stay on top of trends.
Unfortunately, until recently the bank’s IT security analysts were taxed by the amount of work needed to analyze and verify indicators of compromise (IOCs) related to outside IP addresses that surfaced from its SIEM correlation engine.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />The bank turned to the power of ThreatStream to do exactly that. According to Bose, Bank of Hope chose ThreatStream for several reasons.<br />First and foremost, the ThreatStream Threat Intelligence Platform is able to tell analysts with just a few clicks what an IP address’ threat score is, along with the confidence level based on reputation ranking.<br />Not only is it able to utilize threat feeds already available to Bank of Hope, but it also provides other feeds that add value to Bank of Hope’s analyses. In addition to IP reputation analysis, the tool can also replay executables in its sandbox environment to give Bank of Hope analysts a leg up on early analysis of potential IOCs and threat indicators.<br />But most importantly, ThreatStream integrates into Bank of Hope’s SIEM, so staffers do not need to reroute their analysis process and can do early investigation from a single centralized platform.<br /><span style=\"font-style: italic;\">“The SIEM is a critical component of our environment and the heart of our program. It pulls in logs from a variety of different systems and correlates those indications to determine whether an activity<br />is malicious or not,”</span> Bose says. <span style=\"font-style: italic;\">“Integrating ThreatStream in our SIEM portal means we don’t have to go into five different systems, but can look at the validity of an IP or executable from a single place. 
The solution has minimized much of the team’s overhead.”</span><br />In addition, the bank needed a tool that could work with the FS-ISAC threat intelligence feed for information specific to the financial industry.<br />ThreatStream worked with the bank to develop that capability natively. It was this last point that truly tipped the scale in favor of ThreatStream for Bank of Hope.<br />Deployment was relatively painless for Bank of Hope, only requiring about an hour a week for the first month. The institution credits ThreatStream’s team with offering lots of guidance to get off the<br />ground running.<br /><br /><span style=\"font-weight: bold;\">THE THREATSTREAM IMPACT</span><br />Now that the tool is in place, Bose reports the value of ThreatStream to Bank of Hope is in the time it saves analysts and the opportunity they have to address more threats than they once could.<br />The time it takes to analyze a threat has gone down from 30 minutes to just a few minutes, time that adds up over the course of investigating many malicious IPs every week. <span style=\"font-style: italic;\">“There has been a substantial decrease in terms of mean-time-to-know,”</span> Bose says.<br />These efficiencies have enabled Bank of Hope to save on headcount. Because the tool automatically handles a large analytical workload, Bank of Hope was able to increase capacity without having to hire one or two additional analysts.
What’s more, the false positive rates have been very low, meaning analysts spend very little time chasing non-existent problems.<br />Overall, the ThreatStream implementation has been a huge success for the Bank of Hope team, so much so that it is now looking at integrating the tool into its IDS/IPS, giving it the potential to automatically block threats with very high malicious confidence ratings.","alias":"anomali-threatstream-for-bank-of-hope","roi":0,"seo":{"title":"Anomali ThreatStream for Bank of Hope","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) ","og:title":"Anomali ThreatStream for Bank of Hope","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBank of Hope needed a way to easily investigate potentially risky IPs without having to log in to multiple security product dashboards. The bank depends on its security information and event management (SIEM) "},"deal_info":"","user":{"id":9169,"title":"Bank of Hope","logoURL":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg","alias":"bank-of-hope","address":"3200 Wilshire Boulevard, Suite 1400, Los Angeles, CA 90010, US","roles":[],"description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New York, New Jersey, Virginia, Georgia, and Alabama. 
It also operates Small Business Administration loan production offices in Seattle, Denver, Dallas, Atlanta, Portland and Annandale, Virginia; a commercial loan production office in Fremont, California; residential mortgage loan production offices in California; and a representative office in Seoul, Korea.<br />It is on the list of largest banks in the United States.<br />Source: https://en.wikipedia.org/wiki/Bank_of_Hope","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.bankofhope.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Bank of Hope","keywords":"","description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:title":"Bank of Hope","og:description":" Bank of Hope is the largest Korean American bank. It is based in Los Angeles. It is owned by Hope Bancorp, Inc., a bank holding company. It offers commercial banking loan and deposit products through 58 branches in California, Washington, Texas, Illinois, New","og:image":"https://old.roi4cio.com/uploads/roi/company/Bank-of-hope-bank.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. 
\r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. 
\r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. 
\r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; 
\">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. 
A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. 
This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. 
Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). 
A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. 
The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":382,"title":"High costs of IT personnel"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. 
By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. 
Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. 
In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. 
For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. 
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/bank-of-hope-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1269,"title":"Anomali ThreatStream for Blackhawk Network Holdings","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to understand their potential impact.<br />Blackhawk Network Holdings needed a way to easily investigate potentially risky alerts without having to log in to multiple security product dashboards, reduce their manual overhead requirements, and maximize their resources so their analysts could better focus on critical issues.\r\n<span style=\"font-weight: bold;\">SOLUTION</span><br />Anomali® ThreatStream® offered Blackhawk Network Holdings a way to sync actionable threat intelligence with their SIEM alerts, integrate disparate threat feeds into one single-view dashboard, and<br />provide the context around IOCs necessary to understand their true importance.\r\n<span style=\"font-weight: bold;\">RESULTS</span><br />• Single dashboard and consolidation of all threat intelligence feeds<br />• Seamless SIEM integration<br />• Sandboxed testing environment to detonate payloads<br />• Improved threat analysis and response times<br />• More efficient and effective workflow<br />• Reduced false positives by over 95%<br /><br />Before Anomali, Blackhawk Network Holdings relied on a variety of different security tools to manage their threat 
intelligence—a task they found extremely challenging. Like many organizations, they leveraged their security information and event management (SIEM) system to correlate events and help their analysts stay on top of trends. The problem was they had several systems in their IT environment that provided outside threat intelligence, each with its own portal and own dashboards. None of the systems integrated directly with their SIEM or communicated with each other. And the information was often duplicated or even worse, in disagreement. That meant whenever their SIEM pointed to a threat indication, their security analysts had to spend an inordinate amount of time analyzing and verifying indicators of compromise (IOCs) related to outside IP addresses. Thousands of alerts a day were more than the team could manage, let alone respond to.<br />Blackhawk Network Holdings wanted to simplify their threat intelligence processes so their analysts could focus more on forensics and remediation and less on research, management, and manual correlation. And they wanted to understand not just the type of attacks they were seeing, but the context of who their attackers were. They wanted a tool that could move their security forward but could also integrate with their current processes.<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI SOLUTION</span>\r\nBlackhawk Network Holdings deployed Anomali ThreatStream, giving them an immediate threat intelligence solution via four key benefits:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">1. Consolidation:</span></span><br />ThreatStream consolidated all of Blackhawk Network Holdings’ sources of threat information into one dashboard view within their SIEM, reducing duplicated information and false positives. 
In turn, they were able to minimize much of their security team’s manual overhead, allowing them to focus on resolution and not research.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">2. Integration:</span></span><br />ThreatStream integrates directly into Blackhawk Network Holdings’ SIEM, so analysts do not need to reroute their analysis process and can do their early investigation from there.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">3. Correlation:</span></span>\r\nThreatStream gave Blackhawk Network Holdings a way to correlate actionable threat intelligence with SIEM alerts within their SIEM. ThreatStream tells analysts the threat score for each IP address, along with the confidence level based on a reputation ranking of its maliciousness.<br /><br /><span style=\"font-style: italic;\">\"Unless we know who is after us, alerts lack context without Anomali\"</span> – Devin Ertel, CISO, Blackhawk Network Holdings.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">4. Detonation:</span></span><br />ThreatStream enables analysts to replay executables in a sandboxed environment, giving them a safe place to test and a way to perform early analysis of potential IOCs and threat indicators.<br /><br /><span style=\"font-style: italic;\">\"When a suspicious email comes in, we can detonate it in a sandboxed environment to see if it’s a threat. We couldn’t do that before\".</span> – Pablo Vega, Principal Security Engineer, Blackhawk Network Holdings<br /><br /><span style=\"font-style: italic;\">“Before Anomali, we had tons of information without context. 
We had to look through thousands of alerts quickly just to see what stood out and then react to those.”</span> – Devin Ertel, CISO, Blackhawk Network Holdings<br /><br /><span style=\"font-weight: bold;\">THE ANOMALI IMPACT</span>\r\nThreatStream gave Blackhawk Network Holdings the key capabilities and threat intelligence context that allowed their analysts to shift from searching through emails and dashboards to verify alerts to focusing on critical threats and issues.\r\nWith ThreatStream, Blackhawk Network Holdings has higher confidence that critical alerts are malicious and not false positives. ThreatStream has provided them with greater visibility into what threats they confront. And since false positives have been very low in both number and criticality, analysts have been spending less time chasing non-existent problems and more time focusing on solutions.\r\nThe value of ThreatStream is in the time it saves analysts and the opportunity they have to address more threats than they once could. Because the tool automatically handles a large analytical workload, Blackhawk Network Holdings was able to increase capacity without having to hire additional staff.\r\nThreatStream has been an incredible solution for Blackhawk Network Holdings, allowing them to maximize resources and focus on the threats that matter most. ThreatStream gives Blackhawk Network Holdings the ability to curate and filter the information they need from all of their sources of threat intel. 
And they’ve been able to apply ThreatStream security context around their alerts, helping to separate the high priority threat intel from low priority alerts to improve their overall security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">LONG TERM SUCCESS</span>\r\nBlackhawk Network Holdings is now looking at integrating Anomali ThreatStream intelligence context into more internal security tooling, giving them the potential to automatically respond to threats with very high malicious confidence ratings. Blackhawk Network Holdings is interested in expanding their capabilities with Anomali Match™ and Anomali Lens™.<br /><br />","alias":"anomali-threatstream-for-blackhawk-network-holdings","roi":0,"seo":{"title":"Anomali ThreatStream for Blackhawk Network Holdings","keywords":"","description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to ","og:title":"Anomali ThreatStream for Blackhawk Network Holdings","og:description":"<span style=\"font-weight: bold;\">CHALLENGE</span>\r\nBlackhawk Network Holdings threat intelligence was the result of a combination of tools pieced together, none of which were integrated with their SIEM implementation, or provided enough context around IOCs to "},"deal_info":"","user":{"id":9168,"title":"Blackhawk Network Holdings Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg","alias":"blackhawk-network-holdings-inc","address":"","roles":[],"description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service products. 
Blackhawk's network reaches people through a number of different channels including in-store, online, mobile, and incentive. Blackhawk is headquartered in Pleasanton, California and was incorporated in 2006.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://blackhawknetwork.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Blackhawk Network Holdings Inc.","keywords":"","description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:title":"Blackhawk Network Holdings Inc.","og:description":" Blackhawk Network Holdings Inc. is a privately held company that operates in the prepaid, gift card and payments industries. It supports solutions, technology, management and distribution of branded value such as gift cards, telecom and financial service prod","og:image":"https://old.roi4cio.com/uploads/roi/company/blackhawk-network.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. 
The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. 
The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. 
Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; \">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense 
measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. 
A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. 
A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. 
Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. 
The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. 
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the \"WannaCry worm\", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps 
organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. 
Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. 
In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. 
For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. 
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the \"WannaCry worm\", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/resources/case-studies/blackhawk-network-customer-case-study","title":"Supplier's web site"}},"comments":[],"referencesCount":0},{"id":1273,"title":"Anomali ThreatStream for Federal System Integrator","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other federal agencies. With more than 40 years of experience, this FSI designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers’ most complex problems.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE PROBLEM</span><br />\r\nWorking primarily as a systems integrator with clients in sensitive intelligence and security communities, this FSI’s intellectual property (IP) contains critical high-value information. This IP, essential to the U.S. government, must remain protected and secure.<br />\r\nOn a daily basis, this FSI receives hundreds of Indicators of Compromise (IOCs) from multiple sources, and each IOC requires evaluation of the level of confidence behind the intelligence. 
Analysis of the data must:\r\n<ul><li>Consolidate important threat intel data</li></ul>\r\n<ul><li>Put the intel into context</li></ul>\r\n<ul><li>Decide if intel is pertinent and reliable</li></ul>\r\n<ul><li>Show where to focus and take action</li></ul>\r\nThe volume of IOCs combined with the need for accurate assessment created a significant challenge for this FSI—threat data management is time consuming and crucial, and yet is not the core mission of the company. This FSI needed to scale operations and use manpower resources more efficiently.<br />This FSI needed a way to speed threat intelligence validation and integration, and to do it without compromising information security. The company sought an automated threat intelligence solution that would work with this FSI’s existing security information event management (SIEM) tools while reducing the time spent analyzing and operationalizing threat intelligence data.<br />\r\n\r\n<span style=\"font-weight: bold;\">THE THREATSTREAM SOLUTION</span><br />\r\nThis FSI turned to ThreatStream for an automated cyber threat intelligence solution. 
The ThreatStream Optic™ platform counters adversaries by fusing actionable intelligence with existing security infrastructure by:\r\n<ul><li>Consolidating and curating multiple threat intelligence sources while eliminating redundancies</li></ul>\r\n<ul><li>Providing cross-validated analysis</li></ul>\r\n<ul><li>Rapidly operationalizing intelligence with high confidence</li></ul>\r\n<span style=\"font-style: italic;\">“ThreatStream comes with a valuable reputation for providing quality intelligence in a timely manner, and their automated capability works seamlessly with the various cybersecurity tools you already have in your environment.”</span><br />\r\nBefore ThreatStream, this FSI staff spent thousands of hours annually to collect intelligence, sift through IOCs, validate intelligence and then operationalize that data by writing rules and actions into security infrastructure.<br />This FSI deployed ThreatStream Optic and immediately reduced the amount of time it took to not only identify valid threat intelligence, but also operationalize that threat intel by injecting it directly into this FSI’s existing security tools. ThreatStream Optic connects with this FSI’s SIEM through a single, cloud-based portal, consolidating, normalizing and validating intelligence.<br />\r\nThis seamless integration also eliminates the time and resource-intensive process of manually de-duplicating information from multiple feeds.<br />\r\nThis FSI chose ThreatStream because the ThreatStream Optic platform, unlike other threat feeds, provides the additional benefit of cross-validation analysis. This FSI is able to take the threat intel received from ThreatStream and other sources and use ThreatStream Optic to determine with a high degree of probability what is valid intelligence, and act accordingly. 
ThreatStream allows this FSI to act on threat intel with a high degree of confidence.<br />\r\nThe efficiencies created by ThreatStream Optic also allow this FSI to redeploy valuable human resources, which saves this FSI countless hours and thousands of dollars per year.<br />\r\n<span style=\"font-style: italic;\">“Rather than taking us days to implement threat intelligence into our cybersecurity tools, with Optic, we can do it in minutes.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">IMPLEMENTATION</span><br />\r\nThreatStream provided this FSI integrations for multiple sets of technology architecture, ensuring a smooth implementation. This FSI’s SIEM tools easily connect with ThreatStream’s server to pull down and inject data directly into this FSI’s security architecture stack. The threat intelligence provided by ThreatStream is viewed and used at this FSI’s highest levels.<br />\r\n<span style=\"font-style: italic;\">“The reliability of the data and depth of information the ThreatStream solution provides is top-notch. ThreatStream only delivers data that’s been fully vetted, rich with context and insights, allowing us to take immediate action.”</span><br /><br />\r\n<span style=\"font-weight: bold;\">A PARTNERSHIP</span><br />\r\n<span style=\"font-style: italic;\">“Working with ThreatStream is really a partnership. We have regularly scheduled discussions, and if we need anything, it’s only a phone call away. It’s easy to communicate with our ThreatStream team, and they are very receptive of what we ask of them.”</span><br />\r\nThreatStream Optic is the first threat intelligence platform that manages the entire life cycle of threat intelligence from multi-source acquisition to operational integration across the entire ecosystem of existing security devices. 
ThreatStream Optic enables enterprise and government organizations to seamlessly aggregate and analyze threat intelligence and automatically inject the information into their security infrastructure.","alias":"anomali-threatstream-for-federal-system-integrator","roi":0,"seo":{"title":"Anomali ThreatStream for Federal System Integrator","keywords":"","description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f","og:title":"Anomali ThreatStream for Federal System Integrator","og:description":"<span style=\"font-weight: bold;\">ABOUT FEDERAL SYSTEMS INTEGRATOR</span>\r\nThis Federal Systems Integrator (FSI) is a proven provider of information solutions, engineering and analytics for the U.S. Intelligence Community, U.S. Department of Defense and other f"},"deal_info":"","user":{"id":4195,"title":"Hidden user","logoURL":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg","alias":"skrytyi-polzovatel","address":"","roles":[],"description":"User Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":98,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden user","keywords":"Hidden, user, User, Information, confidential","description":"User Information is confidential ","og:title":"Hidden user","og:description":"User Information is confidential 
","og:image":"https://old.roi4cio.com/uploads/roi/company/hidden_user.jpg"},"eventUrl":""},"supplier":{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. 
\r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""},"vendors":[{"id":5298,"title":"Anomali","logoURL":"https://old.roi4cio.com/uploads/roi/company/Anomali.png","alias":"anomali","address":"","roles":[],"description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect threats, understand adversaries, and respond effectively. The platform enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs and leading enterprises worldwide.<br />Source: https://www.linkedin.com/company/anomali/about/","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":3,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://www.anomali.com","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Anomali","keywords":"","description":" Anomali detects adversaries and tells you who they are. \r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:title":"Anomali","og:description":" Anomali detects adversaries and tells you who they are. 
\r\nAnomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments.\r\nOrganizations rely on the Anomali Threat Platform to detect","og:image":"https://old.roi4cio.com/uploads/roi/company/Anomali.png"},"eventUrl":""}],"products":[{"id":5889,"logo":false,"scheme":false,"title":"Anomali ThreatStream","vendorVerified":0,"rating":"1.00","implementationsCount":3,"suppliersCount":0,"alias":"anomali-threatstream","companyTypes":[],"description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also showed that 70% are overwhelmed with threat data. Anomali ThreatStream® makes it easier for security teams to achieve the full promise of threat intelligence. ThreatStream automates all the processes for collecting, managing and integrating threat intelligence, and gives security analysts the tools and resources to respond quickly to active threats.<br /><span style=\"font-weight: bold; \">Collect</span><br />ThreatStream manages ingesting intelligence from many disparate sources, including:\r\n<ul><li>STIX/TAXII feeds</li></ul>\r\n<ul><li>Open source threat feeds</li></ul>\r\n<ul><li>Commercial threat intelligence providers</li></ul>\r\n<ul><li>Unstructured intelligence: PDFs, CSVs, emails</li></ul>\r\n<ul><li>ISAC/ISAO shared threat intelligence</li></ul>\r\n<span style=\"font-weight: bold; \">Manage</span><br />ThreatStream takes raw threat data and turns it into rich, usable intelligence:\r\n<ul><li>Normalizes feeds into a common taxonomy</li></ul>\r\n<ul><li>De-duplicates data across feeds</li></ul>\r\n<ul><li>Removes false positives</li></ul>\r\n<ul><li>Enriches data with actor, campaign, and TTP</li></ul>\r\n<ul><li>Associates related threat indicators</li></ul>\r\n<span style=\"font-weight: bold; 
\">Integrate</span><br />ThreatStream integrates with internal security systems to make threat intelligence actionable.\r\n<ul><li>Deep integration with SIEM, FW, IPS, and EDR</li></ul>\r\n<ul><li>Scales to process millions of indicators</li></ul>\r\n<ul><li>Risk ranks threats via machine learning</li></ul>\r\n<ul><li>Includes Threat Bulletins from Anomali Labs</li></ul>\r\n<ul><li>Secure, 2-way sharing with Trusted Circles</li></ul>","shortDescription":"ThreatStream operationalizes threat intelligence and unites all the tools in your security infrastructure, speeding the detection of threats and enabling proactive defense measures.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Anomali ThreatStream","keywords":"","description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also ","og:title":"Anomali ThreatStream","og:description":"SOC analysts, incident response teams and researchers face the challenge of operationalizing an overwhelming amount of threat data. 
A recent Ponemon survey showed that 78% say threat intelligence is critical for achieving a strong security posture but also "},"eventUrl":"","translationId":5889,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":150000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"https://www.anomali.com/request-a-demo","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. 
This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. 
Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). 
A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. 
The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the \"WannaCry worm\", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":5,"title":"Enhance Staff Productivity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":385,"title":"Risk of data loss or damage"},{"id":384,"title":"Risk of attacks by hackers"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. 
By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grows and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency is difficult. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. 
Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. 
In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. 
For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. 
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the \"WannaCry worm\", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://www.anomali.com/files/ThreatStream_Case_Study_FSI.pdf","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":1267,"title":"ThreatQ platform for Airbus Cybersecurity","description":" <span style=\"font-weight: bold;\">Augmented Intelligence: Airbus Cybersecurity Strengthens its Threat Intelligence with ThreatQuotient</span><br /><br /><span style=\"font-style: italic;\">“Since 2011, our threat intelligence service has worked very closely with our incident response teams. Among other things, this has allowed us to be very relevant and responsive when it comes to tracking attackers,”</span> explains Julien Menissez, Product Manager for Managed Services in Europe at Airbus Cybersecurity.\r\nThis proximity has paid off, enabling the service to better contextualize alerts that would otherwise remain purely technical, such as lists of IP addresses and other indicators of compromise (IoCs). Technical alerts are effective in blocking specific attacks, often in an automated way. However, when they are enriched with relevant, contextual information they can become real decision-making tools allowing security analysts to answer questions, such as:<br />What do we know about the attacker’s current targets and campaigns? Are we a potential target for this group in particular?<br />In theory this is attractive, but to deliver this in practice Airbus Cybersecurity needed to be equipped to offer a robust, industry-ready service. 
<span style=\"font-style: italic;\">“In 2015, we decided to create a dissemination offering that would allow customers operating their own SOC to benefit from this increased information. We first worked with flat files, and then we deployed MISP interfaces for our customers,”</span> continues Julien Menissez.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Difficulty scaling up</span></span>\r\nMISP (Malware Information Sharing Platform) is a must in the world of threat intelligence. Available as a free solution, MISP facilitates the sharing of IoCs between researchers. But before IoCs can be shared, they must be acquired and consolidated. This is where things get complicated. Julien Menissez recalls, <span style=\"font-style: italic;\">“MISP is very good for dissemination, but ingestion is not simple! We were forced to use many other open source tools in parallel, requiring a lot of scripting and manual operations before delivering the information to our customers, while remaining within the timeframes allowed by our SLAs.”</span>\r\nThe dissemination service became so successful, that the load on the Airbus Threat Intelligence team increased dramatically. As customers demanded more and more context and richer information, beyond what MISP can do with its tagging and commenting functionalities, it quickly became clear that a manual approach could not be scaled up.\r\nThe Airbus Cybersecurity team then decided to research a new “cyber-intelligence back office” — a tool capable of natively managing concepts such as the freshness of information, reliability, context, and related data.\r\n<span style=\"font-style: italic;\">“We quickly saw in ThreatQuotient the vendor best suited to our needs. We shared the same vocabulary (coming from the defense sector). 
The ThreatQ platform met our criteria, and the technical level of the ThreatQuotient subject matter experts was excellent,”</span> explains Julien Menissez.<br /><br />\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">From weekly delivery to continuous information</span></span>\r\nThe deployment of ThreatQ allows Airbus Cybersecurity to meet their goals. <span style=\"font-style: italic;\">“We can now deliver the same service and the same knowledge, with the same quality as before, but much more quickly and with far fewer technical manipulations,”</span> details Julien Menissez.<span style=\"font-style: italic;\"> “And, obviously, it’s our customers who benefit. Airbus has gone from weekly information delivery to continuous information delivery.”</span>\r\nBetter still, for slightly more mature customers, who do not yet operate their own SOC, but still have an internal CSIRT team, the Airbus team can now offer an optional tool capable of helping them capitalize on their knowledge. The knowledge acquired during the customer’s internal investigations is seamlessly integrated into the ThreatQ platform to enrich the information delivered back to the customer via the Airbus service.\r\nThe ThreatQ platform is completely complementary to an existing MISP solution, allowing the customer to build up their own knowledge base adapted with their context. Customers also have the freedom to change their threat intelligence feeds and sources at any time, since they will keep all of their data within the ThreatQ Threat Library and therefore all the knowledge acquired by their CSIRT.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Better responsiveness in times of crisis</span></span>\r\nThe ThreatQuotient solution allows Airbus Cybersecurity analysts to respond better and faster to customer requests. 
<span style=\"font-style: italic;\">“Most SOCs work with a workflow system to investigate IoCs collected during an incident. It is often a manual process but since the ThreatQ platform can be integrated with a SIEM to do the research and automatically identify patterns and linkages and how to pivot from a given IoC, we have even been able to reduce our response time to our customers,”</span> says Julien Menissez. <span style=\"font-style: italic;\">“And obviously, in an incident, quickly identifying the pivots and monitoring malicious activities as closely as possible is a major advantage.”</span><br /><br />\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Personalized information</span></span>\r\nFinally, the choice of the ThreatQuotient solution allowed Airbus Cybersecurity to refine the information delivered to customers in order to better manage their security posture. The ThreatQ platform makes it possible to automatically “package” the most relevant flows according to the exposure of the client to specific risks, and thus take a strategic approach to mitigate risk.","alias":"threatq-platform-for-airbus-cybersecurity","roi":0,"seo":{"title":"ThreatQ platform for Airbus Cybersecurity","keywords":"","description":" <span style=\"font-weight: bold;\">Augmented Intelligence: Airbus Cybersecurity Strengthens its Threat Intelligence with ThreatQuotient</span><br /><br /><span style=\"font-style: italic;\">“Since 2011, our threat intelligence service has worked very closely with","og:title":"ThreatQ platform for Airbus Cybersecurity","og:description":" <span style=\"font-weight: bold;\">Augmented Intelligence: Airbus Cybersecurity Strengthens its Threat Intelligence with ThreatQuotient</span><br /><br /><span style=\"font-style: italic;\">“Since 2011, our threat intelligence service has worked very closely with"},"deal_info":"","user":{"id":9166,"title":"Airbus CyberSecurity 
(User)","logoURL":"https://old.roi4cio.com/uploads/roi/company/Airbus_01.jpg","alias":"airbus-cybersecurity-user","address":"","roles":[],"description":" Airbus CyberSecurity is a European specialist in cyber security. Its mission is to protect governments, military, organisations and critical national infrastructure from cyber threats.<br />Airbus CyberSecurity is a fully owned subsidiary of Airbus Defence and Space, with over 900 cyber professionals based across France, Germany, the UK and Spain, each with a Security Operations Centre (SOC). Additionally, the organisation includes Stormshield, a France-based subsidiary which offers security products to enterprise and government clients.<br />With over 30 years of experience providing reliable cyber security products and services, Airbus CyberSecurity has become one of the most advanced sovereign cyber security players in Europe. Having protected Airbus Defence and Space’s complex systems and networks with its SOCs for years, Airbus CyberSecurity has leveraged our Airbus DNA to develop products and services for customers facing similar challenges as vendor, based on state-of-the-art trusted technologies.<br /><br />","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://airbus-cyber-security.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Airbus CyberSecurity (User)","keywords":"","description":" Airbus CyberSecurity is a European specialist in cyber security. 
Its mission is to protect governments, military, organisations and critical national infrastructure from cyber threats.<br />Airbus CyberSecurity is a fully owned subsidiary of Airbus Defence an","og:title":"Airbus CyberSecurity (User)","og:description":" Airbus CyberSecurity is a European specialist in cyber security. Its mission is to protect governments, military, organisations and critical national infrastructure from cyber threats.<br />Airbus CyberSecurity is a fully owned subsidiary of Airbus Defence an","og:image":"https://old.roi4cio.com/uploads/roi/company/Airbus_01.jpg"},"eventUrl":""},"supplier":{"id":5844,"title":"ThreatQuotient, Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/ThreatQ.png","alias":"threatquotient-inc","address":"","roles":[],"description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. The company's proprietary software platform speeds up and simplifies the incident investigation process and optimizes the work of security teams. ThreatQuotient solutions combine the organization's existing processes and technologies into a single workspace, reduce information noise, highlight the most important threats and automate processes to maximize focus and decision support while making the most of limited resources. ThreatQuotient's threat-focused approach supports a variety of use cases, including incident response, threat search and analysis, phishing detection, alert sorting, vulnerability management, and more. 
ThreatQuotient is headquartered in Northern Virginia (USA) with overseas offices in EMEA and APAC.</span>","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":1,"vendorImplementationsCount":1,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.threatq.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ThreatQuotient, Inc.","keywords":"","description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. The company's proprietary software platform speeds up and simplifies the incident investigati","og:title":"ThreatQuotient, Inc.","og:description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. The company's proprietary software platform speeds up and simplifies the incident investigati","og:image":"https://old.roi4cio.com/uploads/roi/company/ThreatQ.png"},"eventUrl":""},"vendors":[{"id":5844,"title":"ThreatQuotient, Inc.","logoURL":"https://old.roi4cio.com/uploads/roi/company/ThreatQ.png","alias":"threatquotient-inc","address":"","roles":[],"description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. The company's proprietary software platform speeds up and simplifies the incident investigation process and optimizes the work of security teams. 
ThreatQuotient solutions combine the organization's existing processes and technologies into a single workspace, reduce information noise, highlight the most important threats and automate processes to maximize focus and decision support while making the most of limited resources. ThreatQuotient's threat-focused approach supports a variety of use cases, including incident response, threat search and analysis, phishing detection, alert sorting, vulnerability management, and more. ThreatQuotient is headquartered in Northern Virginia (USA) with overseas offices in EMEA and APAC.</span>","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":1,"vendorImplementationsCount":1,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://www.threatq.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"ThreatQuotient, Inc.","keywords":"","description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. The company's proprietary software platform speeds up and simplifies the incident investigati","og:title":"ThreatQuotient, Inc.","og:description":" \r\n<span lang=\"EN\"><span style=\"font-weight: bold;\">ThreatQuotient </span>develops solutions to improve the efficiency and effectiveness of cybersecurity operations. 
The company's proprietary software platform speeds up and simplifies the incident investigati","og:image":"https://old.roi4cio.com/uploads/roi/company/ThreatQ.png"},"eventUrl":""}],"products":[{"id":5886,"logo":false,"scheme":false,"title":"ThreatQ","vendorVerified":0,"rating":"1.00","implementationsCount":1,"suppliersCount":0,"alias":"threatq","companyTypes":[],"description":"<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">To understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder. ThreatQ can serve as an open and extensible threat intelligence platform that accelerates security operations through streamlined threat operations and management. The integrated, self-tuning threat library, adaptive workbench and open exchange allow you to quickly understand threats, make better decisions and accelerate detection and response.<br /><br /><span style=\"font-weight: bold; \">HOW THREATQ WORKS:</span><br /><br /><span style=\"font-weight: bold; \">THREAT LIBRARY</span><br /></span>\r\n<span style=\"font-weight: bold; \"><span style=\"font-size: 8pt; font-family: Calibri, Arial; font-style: normal; color: rgb(0, 0, 0); \">Shared Contextual Intelligence</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Using ThreatQ as a threat intelligence platform equips you with a threat library that automatically scores and prioritizes threat intelligence based on parameters you set. Prioritization is calculated across many separate sources, both external and internal, to deliver a single source of truth using the aggregated context provided. 
This removes noise, reduces risk of false positives and enables users to focus on the data that really matters.<br /></span>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Self-tuning</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Context from external + internal data</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Structured and unstructured data import</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Custom enrichment source for existing systems</span></li></ul>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \"><br /><span style=\"font-weight: bold; \">ADAPTIVE WORKBENCH</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \"><span style=\"font-weight: bold; \">Combine Automation and Human Intelligence for Proactive Detection and Response</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Customer-defined configuration and integrations to work with your processes and tools. 
Customizable workflow and customer-specific enrichment streamline analysis of threat and event data for faster investigation and automates the intelligence lifecycle.</span>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Consolidated view, unified opinion</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Automatically prioritize based on all sources</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Continuous threat assessment</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Push-button operations using existing tools and processes</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">User-specific watch list widget</span></li></ul>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \"><span style=\"font-weight: bold; \"><br />THREATQ INVESTIGATIONS</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \"><span style=\"font-weight: bold; \">The industry’s first cybersecurity situation room</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">ThreatQ Investigations solves the collaboration and coordination inefficiencies that exist across security operations to accelerate detection and response. As the first cybersecurity situation room, it streamlines investigations and improves active collaboration among and across teams. 
Team leaders can direct actions, assign tasks and see the results unfold in near real time.<br /></span>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Fuse together threat data, evidence and users</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Accelerate investigation, analysis and understanding of threats in order to update your defense posture proactively</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Drive down mean time to detect (MTTD) and mean time to respond (MTTR)</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Build incident, adversary and campaign timelines</span></li></ul>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \"><span style=\"font-weight: bold; \">OPEN EXCHANGE</span></span>\r\n<span style=\"font-weight: bold; \"><span style=\"font-size: 8pt; font-family: Calibri, Arial; font-style: normal; color: rgb(0, 0, 0); \">Open and Extensible Architecture Enables Robust Ecosystem</span></span>\r\n<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Import and aggregate external and internal data sources, integrate with existing enrichment and analysis tools, and export the right intelligence to the right tools at the right time to accelerate detection and response. 
Get more from your existing security investments by integrating your tools, teams and workflows through standard interfaces and an SDK/API for customization.<br /></span>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Bring your own connectors and tools</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">SDK / API for customization</span></li></ul>\r\n<ul><li><span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">Standard STIX/TAXII support</span></li></ul>","shortDescription":"ThreatQ is the only Threat Intelligence Platform that centrally manages and correlates unlimited external sources.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":2,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"ThreatQ","keywords":"","description":"<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">To understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder.","og:title":"ThreatQ","og:description":"<span style=\"font-size:8pt; font-family:Calibri,Arial; font-weight:normal; font-style:normal; color:#000000; \">To understand and stop threats more effectively and efficiently your existing security infrastructure and people need to work smarter, not harder."},"eventUrl":"","translationId":5887,"dealDetails":{"avgPartnerDiscount":15,"dealProtection":1,"avgDealSize":160000,"dealSizeCurrency":"","avgDealClosing":9},"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"demo request","categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence 
Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grow and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency are difficult to achieve. 
The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. 
Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). 
A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data and send spam, and they allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. 
The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash or Bitcoin, and other cryptocurrencies, are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":5,"title":"Enhance Staff Productivity"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":177,"title":"Decentralized IT systems"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":384,"title":"Risk of attacks by hackers"},{"id":385,"title":"Risk of data loss or damage"},{"id":382,"title":"High costs of IT personnel"}]}},"categories":[{"id":874,"title":"Threat Intelligence Platforms","alias":"threat-intelligence-platforms","description":"Threat Intelligence Platforms (TIPs) are an emerging technology discipline that helps organizations aggregate, correlate and analyze threat data from multiple sources in real time to support defensive actions. TIPs have evolved to address the growing amount of data generated by a variety of internal and external resources (such as system logs and threat intelligence feeds) and help security teams identify the threats that are relevant to their organization. 
By importing threat data from multiple sources and formats, correlating that data and then exporting it into an organization’s existing security systems or ticketing systems, a TIP automates proactive threat management and mitigation. A true TIP differs from typical enterprise security products in that it is a system that can be programmed by outside developers, in particular, users of the platform. TIPs can also use APIs to gather data to generate configuration analysis, WHOIS information, reverse IP lookup, website content analysis, name servers and SSL certificates.\r\nThe traditional approach to enterprise security involves security teams using a variety of processes and tools to conduct incident response, network defense and threat analysis. Integration between these teams and the sharing of threat data is often a manual process that relies on email, spreadsheets or a portal ticketing system. This approach does not scale as the team and enterprise grow and the number of threats and events increases. With attack sources changing by the minute, hour and day, scalability and efficiency are difficult to achieve. The tools used by large Security Operations Centers (SOCs), for example, produce hundreds of millions of events per day, from endpoint and network alerts to log events, making it difficult to filter down to a manageable number of suspicious events for triage.\r\nThreat intelligence platforms make it possible for organizations to gain an advantage over the adversary by detecting the presence of threat actors, blocking and tackling their attacks or degrading their infrastructure. 
Using threat intelligence, businesses and government agencies can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.\r\nTactical use cases for threat intelligence include security planning, monitoring and detection, incident response, threat discovery and threat assessment. A TIP also drives smarter practices back into SIEMs, intrusion detection and other security tools because of the finely curated, relevant and widely sourced threat intelligence that a TIP produces.\r\nAn advantage held by TIPs is the ability to share threat intelligence with other stakeholders and communities. Adversaries typically coordinate their efforts across forums and platforms. A TIP provides a common habitat, which makes it possible for security teams to share threat information among their own trusted circles, interface with security and intelligence experts and receive guidance on implementing coordinated counter-measures. Full-featured TIPs enable security analysts to simultaneously coordinate these tactical and strategic activities with incident response, security operations, and risk management teams while aggregating data from trusted communities.","materialsDescription":"<span style=\"font-weight: bold;\">What is a threat?</span>\r\nA threat is the ability of an entity to gain access to or interfere with the usual planned activities of an information network.\r\n<span style=\"font-weight: bold;\">What is an APT?</span>\r\nAn advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. 
In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.\r\n<span style=\"font-weight: bold;\">What is phishing?</span>\r\nPhishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.\r\nPhishing is an example of social engineering techniques being used to deceive users. Users are often lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, online payment processors or IT administrators.\r\n<span style=\"font-weight: bold;\">What is malware?</span>\r\nMalware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client or computer network (in contrast, software that causes unintentional harm due to some deficiency is typically described as a software bug). A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software and scareware.\r\nPrograms are also considered malware if they secretly act against the interests of the computer user. 
For example, at one point, Sony music compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying, but which also reported on users' listening habits, and unintentionally created extra security vulnerabilities.\r\nA range of antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, to help detect it if it is already present and to recover from malware-associated malicious activity and attacks.\r\n<span style=\"font-weight: bold;\">What is a botnet?</span>\r\nA botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word \"botnet\" is a portmanteau of the words \"robot\" and \"network\". The term is usually used with a negative or malicious connotation.\r\n<span style=\"font-weight: bold;\">What is a DDoS-attack?</span>\r\nA distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. A botnet is a network of zombie computers programmed to receive commands without the owners' knowledge. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. 
These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This, ultimately, will end up completely crashing a website for periods of time.\r\n<span style=\"font-weight: bold;\">What is ransomware?</span>\r\nRansomware is a type of malware from cryptovirology that threatens to publish the victim's data, or perpetually block access to it, unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies, such as Ukash or Bitcoin and other cryptocurrencies, are used for the ransoms, making tracing and prosecuting the perpetrators difficult.<br />Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. 
However, one high-profile example, the \"WannaCry worm\", travelled automatically between computers without user interaction.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/threat-intelligence-cyber.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"","title":"Supplier's web site"}},"comments":[],"referencesCount":0}]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}