NormShield is not just about vulnerability management or continuous perimeter monitoring. Cyber Threat Intelligence service only exists for cloud use and harvests cyber threat data from multiple sources and provide actionable intelligence to you so that you can take preventive measures.
The below image shows an example CTI Dashboard;
Some of the services (not sub-services) included by Cyber Threat Intelligence (CTI) are;
- Brand Monitoring - Monitoring company brand appearing in social media and online resources
- Data Leakage - Finding leaks of company related data in online resources
- Data Leakage - Premium - Finding leaks of company related data in online resources in deep and dark web
- Dynamic DNS Monitoring - Monitors your trademark keywords in dynamic dns sources
- Fraudulent Domain Activity Monitoring - Detection of any fraudulent activity preparation of inactive fraudulent domains
- Fraudulent Domain Daily FollowUp - Monitors your trademark keywords in daily domain registration lists
- Fraudulent Domain Monitoring - Detection and monitoring of similar fraudulent domains
- Fraudulent Mobile App Monitoring - Monitoring mobile applications that can be used in possible fraudulent activities in application stores
- Reputation Monitoring - Monitoring company's assets against reputation blacklists in several sources
- Reputation Monitoring - Premium - Monitoring company's assets against premium reputation blacklists
- Social Media Monitoring - Monitoring company's brand in social media against any suspicious activity
All of these data when the related service and sub-services enabled are collected in the CTI Dashboard as a part of SecOps.
As always, the first row contains badges.
The first badge includes the NormShield CTI score for the current company. CTI Score is calculated as a collective formula based on the number of findings on reputation lists, underground-paste sites, social media as well as number of social media accounts, domain names. The bigger the number, the more likely to have risks on the overall assets.
The second badge includes the ratio of overall released fraudulent domains we think related to company to confirmed company-related fraudulent domains.
The third badge contains the ratio of company-related, suspected data leakages to over all data leakages found by NormShield.
The fourth badge includes the ratio of company-related, suspected reputation list entries to overall reputation list entries found by NormShield.
The fifth badge includes the ratio of company-related, suspected tweets to overall tweets posted on Earth.
And the last badge includes the number of released fraudulent domains we think related to company to overall domains registered on Earth.
The second row is divided into two parts;
The first part contains the satellite map of the locations that produce certain types of attacks. The second part contains recent security news feed published on certain security resources.
The third row is divided into four part;
The first graph shows the Alexa trend of the most popular domain (local to Alexa) of the current company. The second graph shows the Majestic trend of the most popular domain (local to Majestic) of the current company. The third graph shows the overall number changes of daily domain registrations. The fourth graph shows the overall daily tweet counts.
The last row contains two lists. The first one is the top countries consuming attacks and the second one is the top countries producing the attack vectors.