Collective intelligence to evaluate threats
Threats change quickly. Constantly updated threat intel feeds are critical to staying up to date with known malicious entities. Hexadite’s Threat Intelligence Cloud aggregates real-time data from multiple threat sources to decide whether the source of an alert is malicious or benign.
Multiple Threat Intel Sources
Most organizations don’t have access to multiple threat intelligence sources. Those that do have access struggle to balance their time between staying on top of threat feeds and extracting actionable intelligence to make decisions.
Using multiple threat intelligence sources, Hexadite AIRS can determine whether a file, process, or IP address is known good, known bad, or unknown. Comparing each entity to dozens of sources allows Hexadite AIRS to build a confidence score before moving on to in-depth inspection.
Known Good and Known Bad
In many cases, Hexadite’s Threat Intelligence Cloud can immediately identify known good or bad entities based on an overwhelmingly high match rate among threat intelligence providers. When an entity is incriminated, Hexadite AIRS will detonate the file in several sandboxes to understand the behavior and spawned processes in order to take appropriate remediation actions on the affected endpoints.