For the first time, you can prevent—not only detect—threats both on and off the corporate network using APIs with a cloud-delivered network security service. Together, Umbrella and ThreatConnect give you the power to curate, correlate, and take immediate action on your threat intelligence.
Learn how you can use APIs to configure Umbrella and ThreatConnect to programmatically take action on threat intelligence.
Enterprises with dedicated security operations teams struggle to operationalize multiple sources of indicators of compromise (IOCs). While your SIEM can centralize IOCs in one place, it was not built for this task. And building your own custom in-house systems requires skill sets in short supply and takes months or years to complete. ThreatConnect’s collaborative Threat Intelligence Platform (TIP) removes all these manual burdens.
Even with a TIP, hours or days can still go by if you need to manually configure appliance- or agent-based defenses to take action on this newly aggregated intelligence. Umbrella is one of ThreatConnect’s defense integration partners that enable you to complete the threat intelligence lifecycle. By leveraging Umbrella APIs, ThreatConnect will automatically add and remove domains or full IOCs with our cloud-delivered network security service—Umbrella. Umbrella blocks Internet activity attributed to these domains or IOCs on any device—on or off the network—reducing the time between detection and prevention to seconds.
Using our APIs and unique view of the Internet, Investigate can enrich your threat intelligence with real-time context about suspicious domains or IPs. ThreatConnect will add our risk scores to your IOCs across a number of attacker infrastructure attributes. For example, using ThreatConnect, you can assign different actions to domains based on Umbrella detecting that they use fast flux networks (FFNs) or were created by domain generation algorithms (DGAs).