Everything You Wanted to Know About Cyjax's Indicators of Compromise
With the recent launch of our Cyber Intelligence Marketplace, we’re excited to continue our blog series highlighting each of our partners. In this blog, we would like to introduce you to our new partner Cyjax and their feeds which are now available on our Cyber Intelligence Marketplace.
Who is Cyjax? Tell Us About Yourself?
Established in 2012, Cyjax has built a reputation for producing world-class cyber threat intelligence across a broad range of sectors. We have developed our innovative technology from the ground up. This, combined with years of experience in the intelligence community, has made Cyjax a world class security and intelligence company. We have a strong community presence in the Threat Intelligence world and longstanding relationships with the UK public sector, financial services, and the health and pharmaceuticals sector.
How does Cyjax Collect Intelligence?
Cyjax covers a vast and dynamic list of sources across the Clearnet, darknet and deep web. Our approach to data and information collection is two-pronged: we automate data collection from many sources and filter the results; then move onto the second part of our approach.
This requires a human analyst. Some sources cannot be covered using the Cyjax Platform’s automated tooling: where the terms of use policy restrict automated coverage, for example, or where there is a technical limitation. This is the case for areas that are harder to access, particularly with closed sources.
Once the collection is completed, analysts then review, enrich and transform the data and information into intelligence. This includes validating and attributing Indicators of Compromise (IOCs) to specific incident reports where users can choose to receive the feed of validated IOCs.
What makes Cyjax’s Threat Intelligence Unique?
Unlike other sources of IOCs, Cyjax does not subscribe to the quantity over quality approach and instead ensures the IOCs provided in our feed(s) are validated and contextualized. This approach drastically reduces the number of false positives and ensures that when a match is identified, it deserves the time and attention required to investigate it.
What Types of Threats will Cyjax Protect Customers From?
IOC’s play a valuable role in protecting customers from compromise. Specifically, IOC’s that detail domains and IP addresses of malicious cyber-attacks can be leveraged to immediately, and immediately, block communication from or to the organization. IOCs detected in logs or SIEM as destination traffic may help detect an internal compromise. File Hashes of the malware used in cyberattacks aid defenders in hunting threats within their infrastructure. Rapid collection and dissemination of IOCs, and directing proactive and reactive efforts, forces malicious actors to burn through C2 infrastructure. This, in turn, pushes organizations – armed with a steady stream of IOCs – to adopt a robust security posture against compromise, sensitive data exfiltration and ransomware attacks.
What’s One Interesting Attack/Threat Trend You Are Seeing?
In recent months, cybercriminals and APT groups have unleashed targeted IT supply-chain compromise cyberattacks. The headlines were dominated by the APT28 attack on SolarWinds where several pieces of malware were inserted into the flagship monitoring product called Orion to conduct espionage against the US government and other targets. The REvil ransomware attack which leveraged the Kaseya managed service platform resulted in serious problems for the Managed Service Providers (MSP) that serve thousands of mid-market firms. Within minutes of this attack, Cyjax was able to provide the IOCs on Revil campaign from analysis of the malware.
Hope you enjoyed learning more about Cyjax’s IOCs! In case you didn’t get to see it live, you can watch a recording of our joint webinar to hear Threater CRO Todd Weller and Cyjax CISO Ian Thronton-Trump walk through our partnership.
Want to learn more about Threater’s Cyber Intelligence Marketplace? You can read our blog, watch our webinar, or read our FAQ to get all the details. And stay tuned to dig in & learn about another partner next week!