BrightPoint Security released its Sentinel Security Command Platform, advancing the speed and depth of threat intelligence data now available for security analysts and their executives. This release allows for ease of data access and deeper investigations into cyber threats and campaigns by going well beyond just sharing of threat indicators and observables.
BrightPoint’s Exchange integrates with existing workflows, speeding and simplifying the identification of relevant threats with context and recommendations.
The BrightPoint Security Exchange makes it easier for communities to message and share their data and insight through conversational exchanges, enabling community investigation and remediation recommendations. Urgent sighting information is incorporated into BrightPoint’s machine-learning engine where results are provided within minutes if the threat is active in the environment.
The BrightPoint Sentinel security command platform uses patented technology to automate and pinpoint threats immediately. It utilizes threat data from publicly available threat feed sources (purchased or via open source); information from inside an organization’s perimeter, from their SIEM, endpoints, or security defenses; along with information based on the sightings from organizations that are members of a Trusted Circle powered by BrightPoint technology, which organizations can create or participate in to share threat intelligence.
BrightPoint Sentinel consumes massive amounts of threat data that you make available from multiple sources and automatically correlates it to identify relevant threats and risks. Sentinel further enriches this data by looking for additional context to provide a risk-prioritized score unique to the organization.
Knowing about a threat that is relevant to a user is essential, but gaining automated insight into whether this threat is part of a larger attack campaign or is gaining velocity is even better.
BrightPoint Sentinel enables safe and anonymous sharing of machine-readable threat information found within the perimeter of organizations that participate in Trusted Circles powered by BrightPoint technology. This provides evidence-based threat intelligence from across the digital business ecosystem, partner, affiliate, vendor, supply, and service providers. Patented technology creates a secure, bi-directional, highly distributed approach to share threat intelligence within minutes.
Enterprises gain dynamic insight into the threat trends and top ranking threats occurring within each of the Trusted Circle communities they belong to. Using adaptive machine learning, BrightPoint Sentinel is able to provide a visualization or threat weather map of the organization and views of the other members’ prioritized threat risks. No business data is exposed; only the enriched and correlated indicators of compromise and the context data about threat campaigns. Clients can also get ahead of probable imminent attacks with early warning indicators.
“Organizations continue to face the problem of lack of visibility behind the virtual perimeters of common organizations, their business partners, and others they want to collaborate with to gain a deeper understanding of the tactics, techniques and procedures (TTPs) of attacks,” said Rich Reybok, BrightPoint Security CTO. “Now, users can share their insights and the relationships of complex elements that go into determining adversary attack campaigns, which is far more valuable than sharing just observations of threats.”
With this release of BrightPoint Sentinel, users can attach documents, share tools and search conversations for threat data elements for input into accelerating machine-learning algorithms. From the Exchange threads, organizations can generate queries for sightings and orchestration to SIEM and endpoint technologies for watch-lists and faster remediation.
Informal conversations can begin to identify the elements of a more complete threat picture, from which formal, structured STIX messages can then easily be created and shared with ISACs, ISAOs or other Trusted Circle communities, automated from within BrightPoint Sentinel.
The release of Sentinel also offers significant enhancements to the solution’s dashboard views for threat trends and metrics. Users now have access to a summary dashboard that gives information about their current threat risk rating and the rating of others in their Trusted Circle communities. Threat data sources and feeds can be measured for their effectiveness in providing the most critical risks and aligning budget with value delivered from a threat feed.
The release also expands BrightPoint’s growing partner ecosystem, which currently includes Carbon Black, Hive, Elastic, HP ArcSight, IBM QRadar, RSA Security Analytics and Splunk. BrightPoint adds to this list by introducing new integrations with Tanium and deeper integration with Intel Security ESM. Sentinel can now publish lists of IP addresses associated with threats to Active Lists within Intel Security ESM, and can search Tanium for specific indicators of compromise (IOC) with its expanded endpoint coverage.