Know your adversaries, anticipate their moves

Certego's proprietary Threat Intelligence, focused on the Italian context and enriched with global third-party data, keeps you up to date with the latest attack trends.

IOCs and BIOCs focused on the Italian market, updated in real time, enhance both the Managed Detection and Response (MDR) services provided by Certego and the overall security of your organization.

MDR

Enhance Certego's MDR services with more accurate analysis and rapid incident response, boosting proactive threat prevention, reducing the risk of future attacks, and strengthening the overall effectiveness of managed security.

Preventive defenses, SIEM, and SOC

Certego transforms intelligence data into actionable insights, updating firewall blocklists in real time to block advanced attacks, while enhancing SOC and SIEM performance through in-depth analysis, detection of suspicious behaviors, and significant reduction of false positives.

Certego MDR: enhance Services, enrich the Platform

Benefits

  • Detect Next-Generation Cyber Threats

  • Access Intelligence Feeds for the Italian Market

  • Enrich Analysis Data During an Incident

  • Make Faster and Better Decisions

  • Enhance Blocklists for Preventive Defense Systems

Certego Threat Intelligence

To improve the performance of our intelligence data, we have developed a proprietary application ecosystem that collects, classifies, analyzes, and shares cyber threat intelligence data 24/7.

The applications are interconnected with each other and with the PanOptikon® platform, streamlining the classification and analysis of both proprietary and third-party data.

Certego's intelligence data and information-sharing solutions accelerate Managed Detection and Response (MDR) operations, providing analysts with advanced tools for a deeper understanding of new attack techniques.

Quokka is the core of Certego’s proprietary Threat Intel ecosystem:

  • It collects data from honeypots, network and endpoint sensors, information-sharing communities, and the dark web.
  • It provides a detailed and highly reliable verdict, based on the context of an IOC detection and any external sources.
  • It processes and correlates the data to produce actionable intelligence.

IntelOwl collaborates with Quokka to enhance and validate the Threat Intel data collected:

  • It is an automation tool for requesting analysis of observable artifacts (simple IOCs: IPs, domains, hashes) from various external sources.
  • It aids analysts by automating routine reputation checks on observables discovered during the analysis of suspicious situations.
  • It leverages cutting-edge tools for malware analysis, such as Yara and Cuckoo, as well as external services like Passive DNS.

Partnership

Certego's intelligence feeds are internationally recognized for their quality, as demonstrated by the partnerships in which Certego serves as a Threat Intelligence contributor to major global distribution sources.

Certego has been a Threat Intelligence contributor to VirusTotal, the world’s most comprehensive and widely used threat intelligence platform, since 2019.

Certego shares its IOCs with CrowdSec, the open-source project that uses crowdsourced data to identify and block malicious IPs in real time on a global scale.

Certego shares its DNS data with SIE Europe, whose mission is to make the European digital economy safer through the collection and sharing of relevant data to combat cybercrime.

Certego is a member of The Honeynet Project, the international non-profit organization focused on sharing cybersecurity threat knowledge and creating open-source projects. Certego participates annually in workshops as a trainer and in the Google Summer of Code as a mentor.

Certego actively participates in FIRST (Global Forum of Incident Response and Security Teams) activities. In 2024, we presented as speakers at the Fukuoka conference, showcasing the IntelOwl project, and also participated in the OCSC 2024 in Tenerife.

We love helping the community and proactively supporting the entire global cybersecurity ecosystem.

Are you interested in collaborating with us to share tactical indicators of compromise or historical DNS data? Contact us at:

cti@certego.net

Do you want to report a malicious URL, domain, or IP address? We can submit it to VirusTotal! Contact us at:

ioc@certego.net

Do you want to report a false positive detection on VirusTotal? Please contact us at:

fp@certego.net