20 March 2024

GLIMPS and SEKOIA.IO: a new example of interoperability within the OPEN XDR PLATFORM


The Open XDR Platform is an alliance bringing together specialized and complementary cybersecurity solution providers to offer a rapid, coordinated response to the ever-increasing number and sophistication of cyberattacks.

This modular, customizable approach provides analysts and security managers with the components they need to better deliver their day-to-day business. This alliance is based on the development of connectors between the various players to enrich each solution.

With this in mind, and to take advantage of the synergies offered by the Open XDR Platform, SEKOIA.IO and GLIMPS have worked on the interoperability of their solutions.

First use case: the SEKOIA.IO connector in GLIMPS Malware

GLIMPS Malware Expert natively integrates a SEKOIA.IO connector, providing a first level of automatic enrichment for certain analyses. This integration gives Malware Expert users an overview of certain contextual information relating to malware identified by GLIMPS and known by SEKOIA.IO.

How does it work in practice?

When an alert is raised after analysis by GLIMPS Malware Expert, the full characterization is displayed in the complete GLIMPS Malware Expert view, together with a first level of information on the threat: the malware file as it is known by SEKOIA Intelligence. With a single click, users who are SEKOIA Intelligence customers can continue their journey in the SEKOIA.IO platform and benefit from all the known elements associated with the malicious code analyzed, such as its modus operandi, its targets, or the indicators that characterize it. This makes it much easier to choose the right actions to detect and remediate the threat.

What added value?

The use of SEKOIA Intelligence operational intelligence enables the analyst to immediately understand the nature of the threat identified by the GLIMPS detection engine in order to:

– consolidate cross-referenced information on the targeted threat in a single interface;

– accelerate tactical decision-making and operational responses by providing context around the identified threat.

The combination of GLIMPS’ detection power and SEKOIA Intelligence’s knowledge enables analysts to immediately understand the scale of the threat. Mean Time to Detect (MTTD) is greatly reduced.

Switching over to the full SEKOIA.IO interface enables SEKOIA Intelligence customers to benefit from the complete CTI knowledge of the identified threat in order to counter it. This time, it is the Mean Time to React (MTTR) that improves significantly.

Second use case: integrating GLIMPS Malware into SEKOIA.IO's XDR platform (SEKOIA Defend)

The aim of this integration is to automate the investigation and in-depth analysis of files linked to alerts from different sources, directly in the SEKOIA Defend console.

The GLIMPS connector in SEKOIA Defend can be configured in a matter of seconds using two elements:

– the URL of a GLIMPS Malware instance

– a GLIMPS API key

Once configured, an enrichment and analysis playbook is available in SEKOIA Defend, making it easy to call GLIMPS Malware and access existing analyses.

In just a few seconds, a “simple” result is obtained, including:

– File status: Malicious | Suspect | Safe
– Threat score
– Malware family
– Link to the full GLIMPS interface

What added value?

The use of GLIMPS’ eXtended Malware Analysis Platform in XDR SEKOIA Defend enables:

to speed up decision-making

The in-depth file analysis provided by GLIMPS contributes to a rapid understanding of the threat and access to a very precise level of detail on each detected threat. The information extracted and shared on the platform also facilitates the implementation of security rules.

to automate alert processing

With this integration, the handling of any alert that involves a suspicious file can be automated. For example, as soon as an alert is identified, the file associated with it can be automatically transmitted to GLIMPS for further analysis and characterization of the threat.

to optimize resources

By automating redundant tasks and simplifying malware analysis, security teams can focus on the most complex threats, and reduce the time spent triaging alerts and clarifying doubts.

to facilitate incident response

Once the malware analysis is received by the SEKOIA.IO playbook, further corrective actions can be automated via the SEKOIA.IO platform. For example, if a system is identified as being infected by a specific ransomware, the SEKOIA Defend XDR can automatically trigger containment measures to isolate the infected system from the rest of the network, preventing the threat from spreading.
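As an added illustration (not GLIMPS' or SEKOIA.IO's own code), here is the playbook logic this section describes: the "simple" GLIMPS result is copied onto the alert, and the verdict drives the follow-up actions, including host isolation when a ransomware family is reported. The result fields, the action names and the host field are assumptions, and the sample result is constructed.

```python
# Constructed stand-in for the "simple" GLIMPS result described on the page:
# status, threat score, malware family, link to the full analysis.
# Field names are assumptions, not the GLIMPS API; the link is a placeholder.
SAMPLE_RESULT = {
    "status": "Malicious",
    "threat_score": 97,
    "malware_family": "ExampleLocker (ransomware)",  # constructed family name
    "link": "https://glimps.example/analysis/<placeholder-id>",
}

VALID_STATUSES = ("Malicious", "Suspect", "Safe")
RESULT_FIELDS = ("status", "threat_score", "malware_family", "link")


def enrich_alert(alert: dict, result: dict) -> dict:
    """Attach the GLIMPS verdict to the alert without mutating the input."""
    enriched = dict(alert)
    enriched["glimps"] = {k: result.get(k) for k in RESULT_FIELDS}
    return enriched


def decide_actions(alert: dict, result: dict) -> list:
    """Map a GLIMPS verdict to playbook actions (hypothetical action names).

    Rules: Safe closes the alert, Suspect goes to an analyst, Malicious
    quarantines the file and opens an incident; a ransomware family on a
    known host additionally triggers isolation, as the page describes.
    Missing or unexpected statuses are never auto-closed or auto-isolated.
    """
    status = result.get("status")
    if status not in VALID_STATUSES:
        return ["escalate_to_analyst"]
    if status == "Safe":
        return ["close_alert"]
    if status == "Suspect":
        return ["escalate_to_analyst"]
    actions = ["quarantine_file", "open_incident"]
    family = (result.get("malware_family") or "").lower()
    host = alert.get("host")  # assumed field naming the affected system
    if "ransom" in family and host:
        actions.append(f"isolate_host:{host}")
    return actions


if __name__ == "__main__":
    alert = {"id": "alert-0001", "host": "ws-01"}  # constructed alert
    print(enrich_alert(alert, SAMPLE_RESULT))
    print(decide_actions(alert, SAMPLE_RESULT))
```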


You’ve had a brief glimpse of the power of the OPEN XDR Platform and of the association of two cybersecurity players.
If you’d like to find out more and discover all the possibilities offered by the players on this platform (SEKOIA.IO, HarfangLab, Vade, Gatewatcher, Pradeo, Wallix and GLIMPS), go to:
https://www.openxdrplatform.io/

If you’d like to find out more about SEKOIA.IO, it’s here:

Discover sekoia.io

SEKOIA.IO is Europe’s leading cybertech provider of Extended Detection and Response (XDR) solutions based on Cyber Intelligence (CTI). Its mission is to provide companies and public organizations with the best possible protection against cyber attacks.

By combining threat anticipation based on knowledge of attackers with automated attack detection and response, the SOC SEKOIA Defend platform gives security teams a veritable control tower over their information systems. Its interoperability with third-party solutions and compliance with international technical standards enable organizations to take full advantage of their existing technologies. SEKOIA.IO gives its customers the means to focus their human resources on high value-added missions, optimize their cyber defense strategy and thus regain the advantage in the face of advanced cyber threats.

To find out more: www.sekoia.io, Blog, LinkedIn, Twitter


Please contact us for more information: contact@glimps.re