Cyveillance Cyber Threat Center: Threat Intelligence services overview

Posted by Admin on July 30, 2015

Cyveillance Inc. is a business-to-business provider of cyber intelligence. Founded in 1997, the company initially specialized in phishing attack prevention and remediation, but has expanded to provide global threat intelligence through its cloud-based Cyveillance Cyber Threat Center platform, designed for use by security and threat analysts.

The Cyber Threat Center platform gathers digital and physical threat data from millions of online sources. (Physical threats are activities targeted against individuals or facilities as a result of protests and geopolitical unrest, as seen, for example, in posts on social media sites or underground channel information.) Cyveillance's automated tools search the Internet for indicators and may uncover upwards of 5 million per day. The data is filtered, tagged and scored, with human analysts choosing the most relevant information (perhaps 50 to 100 items) to share with customers.

The Cyber Threat Center information portal provides 24/7 access to a suite of tools, global intelligence reports and databases that include phishing attacks, URL/domain names, Internet Protocol (IP) addresses, hosts, targets, cyberattacks and threat actors. The portal's main page displays management dashboards for the source, volume and categories of collected data and saved items.

In addition, Cyveillance sends customized threat-related email alerts, and provides custom threat intelligence services and reports for executive security and brand security, analyst support and other services, such as takedowns and recovery.

Data Feeds

Cyveillance provides data feeds for phishing URLs and in-the-wild malicious URLs, which cover high-risk hosts, domain names, websites, malicious payloads and IP addresses. The feeds are available in XML via secure FTP or an HTTPS Web service. (Application programming interfaces are under development as of March 2015.) Customers download and incorporate Cyveillance data feeds into perimeter defense systems, such as firewalls and security information and event management systems, and integrate them with other feeds if desired.

Note: Cyveillance partners with Centripetal Networks Inc., which includes Cyveillance data feeds in its products.

Typical Customer

A Cyveillance customer is typically a larger midmarket or enterprise organization with its own security operations center or threat intelligence center, with at least one full-time security analyst on staff. However, the customer base is changing.

Small companies face many of the same threats as their larger counterparts, and -- if regulated -- must meet the same audit and reporting requirements. As a result, Cyveillance also supports small organizations that have a high attack profile or must protect highly valuable assets or intellectual property, such as a regional bank or medical center.

Pricing and Licensing

Customers purchase a monthly subscription to the Cyveillance Cyber Threat Center portal, which gives them access to analyst insights, data feeds and other threat information. Pricing is based on the volume of data consumed.

A small organization with a low threat profile might pay $1,000 per month, whereas an enterprise or other high-profile company with a lot of activity associated with its brand could pay $10,000 or more per month.

Consulting and custom reports are not part of the monthly subscription fee.

Support

Customers can reach Cyveillance by phone or Web forum for assistance with a Cyveillance subscription. For an additional cost, Cyveillance performs takedowns of phishing sites, fake Facebook accounts, imposter accounts and rogue mobile apps, and can provide malware sandboxing.
