Hexadite - Security Orchestration and Automation - Automated Incident Response
Threat Intelligence Cloud
Comparing against known threat data from multiple sources to determine what to do next.

Collective intelligence to evaluate threats

Threats change quickly. To stay up to date on known malicious entities, constantly updated threat intel feeds are critical. Hexadite’s Threat Intelligence Cloud aggregates real-time data from multiple threat sources to decide whether the source of an alert is malicious or benign.

Multiple Threat Intel Sources

Most organizations don’t have access to multiple threat intelligence sources. Those that do have access struggle to balance their time between staying on top of threat feeds and extracting actionable intelligence to make decisions.

Using multiple threat intelligence sources, Hexadite AIRS is able to compare threats to determine whether a file, process, or IP address is known good, known bad, or unknown. Comparing each entity to dozens of sources allows Hexadite AIRS to build a confidence score before moving on to in-depth inspection.

Known Good and Known Bad

In many cases, Hexadite’s Threat Intelligence Cloud can immediately identify known good or bad entities based on an overwhelmingly high match rate among threat intelligence providers. When an entity is incriminated, Hexadite AIRS will detonate the file in several sandboxes to understand the behavior and spawned processes in order to take appropriate remediation actions on the affected endpoints.
