Certego Threat Intelligence
Ecosystem

We have developed a proprietary Threat Intelligence Platform, called Quokka, which lies at the core of Certego’s entire Threat Intelligence ecosystem.

The Platform makes it possible to gather, classify, analyze and share actionable cyber threat intelligence data as it evolves around the clock.

Quokka

Quokka is the heart of Certego’s proprietary Threat Intel Platform:

  • It receives inputs and analysis requests (IPs, Domains, Files, etc.) from honeypots, sensors and users;
  • It processes and correlates the results to produce a response that can easily be used in multiple contexts: automated alerts, manual analysis, data enrichment, etc.

IntelOwl

The IntelOwl Platform, an open source project which can be downloaded for free from GitHub, is also used to gather and share third-party Indicators of Compromise (IOCs) with the Certego PanOptikon Platform.

All this data is used to produce tactical information, which is shared as detection signatures on all the deployed Certego Network Sensors (preserving the anonymity and privacy of the organization). It is then used directly by the Certego Incident Response Team during Incident Response, enabling the team to detect, understand and address cyber threats at speed and to leverage retro-hunting functionality.


Intelligence modules

Threat Intelligence Modules available on the Certego PanOptikon® Platform also allow Threat Intelligence IOC feeds to be shared constantly with the customer’s network devices. As a result, the data can be used to enhance firewall blocklists and improve prevention capabilities.

Last, but not least, the Threat Intelligence Console allows Certego PanOptikon® users to query the Threat Intelligence ecosystem directly to retrieve information about data leakages, vulnerabilities and exploits available on the Clear, Deep and Dark Web.

How it helps Certego IRT

Threat Intelligence means research into new techniques and procedures, and better knowledge of existing or emerging malicious threat actors. Threat Intelligence helps the Certego Incident Response Team in multiple ways:

  • Detecting new and old cyber threats, including through retro-hunting functionality

  • Enriching data whilst investigating an incident

  • Speeding up analysis

  • Making faster and better decisions

  • Shrinking the scope of an analysis

Targeted Threat Intelligence Services

The Targeted Cyber Threat Intelligence service works 24x7x365 to collect information on the following topics:

  • Domain monitoring (protection against typosquatting phishing attacks)

  • Data leak detection (Credentials Leak) based on analysis of data breaches

  • VIP monitoring for identification of spear-phishing attempts

  • Identification of fraudulent activities against your organization in the Dark Web

  • Intelligence on relevant vulnerabilities (and/or exploits)

  • Identification of fake (or fraudulent) social accounts

  • Threat actor profiling (including but not limited to: TTPs, motivations, targets, etc.)

  • Delivery of relevant malware IOCs (including but not limited to: hashes, domain names, IP addresses, etc.)

Partnerships

We have also forged strong alliances with leading international companies to deliver specific Targeted Cyber Threat Intelligence services.

In this way, we can also draw on specialized analysts who use a unique intelligence-gathering methodology to access Dark Web sources, including closed forums, underground networks and private social media groups.

As a result, information is transformed into relevant, accurate and actionable intelligence for our clients, shared via the Certego PanOptikon Platform.

Information Sharing

We love to help the community and the overall global cyber security ecosystem. This is why we are involved in several Information Sharing activities with friends and partners:

  • We are VirusTotal contributors
  • We are DNS0.EU partners
  • We are SIE Europe participants

Are you interested in partnering with us to share tactical indicators of compromise or historical DNS data? Please contact us:
cti@certego.net

Do you want to report a malicious URL, domain or IP address? We can report it to VirusTotal! Please contact us:
ioc@certego.net

Do you want to report a false positive detection on VirusTotal? Please contact us:
fp@certego.net