Developed by Digital Locksmiths, the S.P.E.C Cyber Intelligence Platform is a network intelligence platform that provides any size organizations with the ability to establish full situational awareness of their network systems and vulnerabilities, by aggregating DNS, IP and other data from multiple feeds derived from your organization’s network, and from the global Internet. S.P.E.C works at scale with big data to create targeted intelligence that facilitates the rapid identification, management and remediation of network threats, including APTs.
S.P.E.C actively manages an organization’s cyber domain by combining detection, alert and response capabilities within one system.
With S.P.E.C, an organization can do the following:
- Threat detection and neutralization: S.P.E.C analyzes and scores network traffic, allowing for automatic or manual classifications for permitting, alerting or blocking connections.
- Gather intelligence: S.P.E.C’s constantly growing knowledge base provides users with the ability to access information instantly on millions of IPs, domains and malware samples.
- Establish network activity baselines: S.P.E.C allows your organization to gain perspective on network traffic levels to determine when events are occurring outside of normal bounds.
- Identify and mitigate Advanced Persistent Threats: Using S.P.E.C’s scoring system, in combination with its fusion of network-traffic data with temporal and spatial information, your organization can identify APTs, block them, and can then do further analysis by importing the information into investigative or analytical platforms.
- Geo-visualization and temporal analysis: By fusing network data with geographical and temporal components, S.P.E.C reveals the real-world context of incidents, showing where traffic is physically going and when it’s going there. This allows for the analysis of traffic patterns that can indicate malicious activity, such as behaviour that suggests the presence of a botnet.
- Threat mitigation: With S.P.E.C, organizations can create custom DNS rule sets for specific domains, CNAMES, netblocks and IPs. This allows users to block or sinkhole DNS requests occurring on the network – an effective method of mitigating threats. This capability is also useful in the analysis of security threats.
- Access the data feed: All the data that make up S.P.E.C’s knowledge base are easily accessible through an open API. This allows for an organization to query S.P.E.C to gather any known information regarding entities, and incorporate it into other tools being used in-house.
- Target templating: S.P.E.C can also be used to target-template against computer networks and other information resources, using open and closed sources.
- Future proof: S.P.E.C works with both IPV4 and IPV6, ensuring that it is compatible with the evolving infrastructure of the Internet.
S.P.E.C Cyber Intelligence and Monitoring Service
Digital Locksmiths will set-up a cloud-based instance of the S.P.E.C Cyber Intelligence platform to actively detect, analyze and mitigate cyber threats against your organization’s networks and operations, as a Managed Service offering.
The S.P.E.C Cyber Intelligence Managed Service will include the following components:
- S.P.E.C Cyber Intelligence Platform – Cloud License: this includes the licensing components for a S.P.E.C cloud implementation to secure your organization’s network.
- Initial Technical Integration and Setup: Digital Locksmiths will conduct initial technical integration and setup of the S.P.E.C system to support your organization’s operations. This will include assistance in configuring network DNS servers to utilize, to forward to Digital Locksmiths systems for S.P.E.C analysis and security coverage, as well as assistance in identifying and configuring network devices (IDS/IPS/Firewalls) to allow for identification and remediation of discrete endpoint infection and remediation efforts.
- Active Monitoring: Digital Locksmiths will provide active monitoring services to protect your organization’s network against cyber threats: A) The S.P.E.C system will actively monitor known security threats on a 24/7/365 basis. B) During business hours (0800-1800 EST) Digital Locksmiths Cyber analysts will actively monitor and analyze new and evolving cyber threats
- Active Threat Mitigation: Digital Locksmiths will implement a staged approach to large-scale data correlation and blocking to ensure proper continuity of services. After an initial baseline exercise, results (alerts, geographical, temporal statistics – and anomalies present therein) will be communicated to you in order to ensure active defence mechanisms do not pose a risk to the normal functioning of business processes or communication. After this baseline activity, active mitigation protection will commence against millions of Internet-based entities that contribute the malicious ecosystem of the internet.
- Threat Analytics Portal: Digital Locksmiths will provide your organization with access to a Threat Analytics Portal, where they can view details of their network traffic, and any security alerts, history and other analytics.
- Monthly Cyber Intelligence and Threat Reporting: Digital Locksmiths will provide you with a report on a monthly basis summarizing all threat activity detected, analyzed and mitigated by the S.P.E.C system.
- Training: Digital Locksmiths will provide initial web-based training (estimated 2-3 days) on the S.P.E.C system to your organization’s personnel.
- Support: Digital Locksmiths support personnel will be available by phone and email, and will respond to a support request within one (1) hour of receiving it. Emergency contact information will also be made available on a 24×7 basis for situations that affect the availability of network resources.