The challenge

Incident response activities often include repetitive tasks based on fragmented or insufficient information. Irrelevant alerts which cause fatigue and disparate tools for different tasks all add up - SOC analysts find it very difficult to keep up. At the same time, threat actors are actively searching for potential vulnerabilities and entry points. Once in the hands of even an amateur attacker, malicious tools can inflict considerable damage to an organization. However, it is not simple for an analyst to manually find threats - They would have to be familiar with the underground’s many forums and markets and also require them to have advanced skills and considerable time.

Cybersixgill Solution

Cybersixgill’s actionable alerts solution is designed to help SOC and CTI analysts fight cyber crime, detect phishing, data leaks, fraud and vulnerabilities as well as amplify incident response in real-time. The Cybersixgill alert integration empowers security teams that are using Microsoft Sentinel with contextual and actionable insights as well as the ability to proactively remediate threats as they emerge.

Contextual data per alert includes:

• Know - Date, Description, Triggered Asset

• Evaluate - Threat Level

• Classify - Threat Type

• Investigate - Actor, Site, Post details

• Action - Cybersixgill Assessment and Recommendations

Alerts are triggered based on Cybersixgill data lake, collected covertly from a wide range of sources including content from limited-access deep & dark web forums and markets, invite-only messaging groups, code repositories, paste sites and clear web platforms, processed to provide comprehensive insight into the nature and source of each threat.