The Threat Intelligence Platform (TIP) is a product for enterprise users, which provides localized deployment, enables intelligence use, and facilitates users to efficiently use intelligence to discover threat products. TIP enables enterprises to easily use threat intelligence to enhance their own detection, response, and prevention capabilities in security construction, so as to accurately, comprehensively, and timely discover threats. It realize rapid characterization and diagnosis of events, and is able to connect with users' local security devices to achieve integrated management, and prevent attacks in earlier phases. Deploying a threat intelligence platform is critical in active defense, and it is the best way for enterprises to improve their security operations.
● Localized Threat Intelligence Center
Through indicator of compromise, file reputation, IP reputation, vulnerability intelligence, APT intelligence, security advisories and other types of highly accurate, high-quality massive intelligence data, it helps enterprises to establish their own threat intelligence center, which can be connected with their own 4A system to realize easy access for administrators and branch operators, it also assist security analysts to triage threats and response to it.
● Uses Vulnerability to Anticipate Threats
With in-depth analysis and evaluation, the platform provides comprehensive vulnerability intelligence based on potential risks. It also provides API service, subscription of intelligence, to help organizations build its own vulnerability data, prioritize risks, and understand the threats and its impact.
● Email Threat Detection
To provide localized and automatic mail batch detection service for enterprises, TIP integrates the OWL and RAS engines developed by QAX, through signatures and rules to conduct in-depth detection. It has the ability to detect malicious email and its attachment.
● Multi-source Intelligence Aggregation
Enterprises can access third-party intelligence, integrate and manage IOC intelligence, file reputation, IP reputation, advanced intelligence, open source intelligence, customized intelligence, self-produced intelligence and other business intelligence; including standardized and non-standardized intelligence formats for intelligence sharing and use.
● Threat Triage for Efficient Decision-making
Platform provides multi-source intelligence, and multi-dimensional security alerts, including tactical intelligence, strategic intelligence and advanced human-read intelligence; giving rich insights to managers for better security decision-making.
● STIX Intelligence Sharing
It support STIX format for third-party access. The content covers full aspect of threat information with flexibility, extensibility, automation and interpretability, to achieve seamless integration in different of security scenarios.