Threat Intelligence Platform for Federal Agencies

US Air Force LCMC Cryptologic Division

As the largest attack surface for most firms, the enterprise network is often the weakest link in any security strategy. Today’s enterprise networks are complex and have evolved from simple gateway networks to large-scale mobile and cloud-based networks with hundreds of thousands of endpoints and sensors, leaving many points of entry at risk of attack. Although manual threat analysis does not scale to larger networks, most SOCs still rely on these legacy approaches because alternative solutions are not well known.

A threat intelligence platform (TIP) improves an organization’s security posture by enabling automation and integration between teams involved in all areas of incident response. This includes malware analysis and incident response; cyber threat intelligence collection; continuous monitoring; security information and event management (SIEM) and log management systems; threat hunting and red teaming activities; new generation methodologies; risk management; et cetera.

Threat intelligence platforms are an emerging technology discipline that helps organizations aggregate, correlate, and analyze threat data from multiple sources in real time to propagate defensive action. With a TIP, security teams can identify the threats that are relevant to their organization by importing threat data from multiple sources and formats, correlating it, then importing it into their existing security and/or ticketing systems.

Threat intelligence platforms are designed to make it possible for business and government organizations and agencies to leverage data as an offensive weapon against threats by detecting the presence of threat actors, blocking their attacks, or degrading the attack infrastructure. Using threat intelligence, organizations can also identify the threat sources and data that are the most useful and relevant to their own environment, potentially reducing the costs associated with unnecessary commercial threat feeds.

AccessAgility is on the front lines of this work. Our existing relationship with the US government has allowed us to bring Anomali ThreatStream to the Air Force's Life Cycle Management Center Cryptologic & Cyber Systems Division, and other IT security products and services to multiple government agencies.

We’re always looking to bring more service providers to the table. Want to work with us? Reach out here.