We have developed a proprietary Threat Intelligence Platform, called Quokka, which lies at core of the whole Certego’s Threat Intelligence ecosystem.
The Platform allows to gather, classify, analyze and share actionable cyber threat intelligence data as they evolve around the clock.
Quokka is the heart of Certego’s proprietary Threat Intel Platform:
IntelOwl Platform, an open source project which can be downloaded for free from GitHub, is also used to gather and share third parties Indicator Of Compromise (IOC) with the Certego PanOptikon Platform.
All these data are used to produce tactical information which are shared as detection signatures on all the deployed Certego Network Sensors (preserving anonymity and privacy of the organization). They are then directly used by the Certego Incident Response Team during Incident Response, to enable it to detect, understand and address cyber threats at speed, as well as leveraging a retro-hunting functionality.
Certego Threat Intelligence Ecosystem is fully integrated with the Certego proprietary and open-source sandboxes, such as Certego Dragonfly; these sandboxes works in various ways to analyze and understand malware functionalities; it then produces actionable information that can be used by the Certego Incident Response Team.
The Certego Threat Intelligence ecosystem can also leverage multiple honeypots as a source of information; they are deployed at different levels to allow attackers to infiltrate the systems enabling Certego Threat Research Team to study their tools, tactics and procedures.
Threat Intelligence Modules available on the Certego PanOptikon® Platform also allow Threat Intelligence IOC feeds on the customer’s network devices to be shared constantly. As a result, data can be used to enhance firewall blocklists to improve prevention capabilities.
Last, but not least, the Threat Intelligence Console allows Certego PanOptikon® users to query the Threat Intelligence ecosystem directly to retrieve information about data leakages, vulnerabilities and exploits, available on Clear, Deep and Dark Webs.Read more
Threat Intelligence means research about new techniques and procedures, and better knowledge about existing or emerging malicious threat actors. Threat Intelligence helps Certego Incident Response Team in multiple ways:
Detecting new and old cyber threats, also by leveraging on retro-hunting functionalities
Enriching data whilst investigating an incident
Speeding up analysis
Taking faster and better decisions
Shrinking the scope of an analysis
Targeted Cyber Threat Intelligence service will work h24x7x365 to collect information pertaining to the following topics:
Domain monitoring (protection against typosquatting phishing attacks)
Data leak detection (Credentials Leak) based on analysis of data breaches
VIP monitoring for identification of spear-phishing attempts
Identification of fraudulent activities against your organization in the Dark Web
Intelligence on relevant vulnerabilities (and/or exploits)
Identification of fake (or fraudulent) social accounts
Threat actor profiling (including but not limited to: TTPs, motivations, targets, etc.)
Delivery of relevant malware IOCs (including but not limited to: hashes, domain names, IP addresses, etc.)
We have also forged strong alliances with leading international companies to deliver specific Targeted Cyber Threat Intelligence services.
In this way, we can also leverage specialized analysts that harness a unique intelligence-gathering methodology to access Dark Web sources, including closed forums, underground networks and private social media groups.
As a result, information is transformed into intelligence, providing relevant, accurate and actionable intelligence to our clients, shared via the Certego PanOptikon Platform.
We love to help the community and the overall global cyber security ecosystem. This is why we are involved in several Information Sharing activities with friends and partners:
Are you interested in partnering with us to share tactical indicators of compromise or historical DNS data? Please contact us:
Do you want to report a Malicious URL, Domain or IP address? We can report it to VirusTotal! Please contact us:
Do you want to report a False Positive Detection on VirusTotal? Please contact us: