Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced the release of the Webroot BrightCloud® Threat Investigator. The powerful new threat investigation tool provides enterprises, managed service providers (MSPs), and managed security service providers (MSSPs) with instant access to actionable threat intelligence on individual IPs and URLs, and the ability to drill down into each object’s category, history, and related IPs or URLs for threat investigation and incident response. In the event of an ongoing cyber investigation, this saves precious time and enables security analysts or first responders to focus on the most critical issues right away. Security personnel are then better able to mitigate the effects of a breach, limit exfiltration of customer data or intellectual property, and limit reputation-related fallout.
According to the Webroot 2016 Threat Brief, attackers are using a larger pool of IP addresses for launching attacks and are increasing their usage of new IP space as threat intelligence services improve at identifying these threats. Coupled with the overwhelming amount of information and alerts security personnel receive, this has created an environment that makes it challenging to prioritize and minimize response time. The BrightCloud Threat Investigator’s web-based, graphical user interface (GUI) research console makes research more manageable by providing insight into a number of variables, including why Webroot categorizes a specific IP or URL as malicious, why specific reputation scores are assigned, and how long a particular IP or URL has been a threat. This context allows enterprise security teams to quickly make specific data-driven decisions.
The BrightCloud Threat Investigator complements Webroot’s existing enterprise solutions. When using the BrightCloud Threat Investigator in conjunction with BrightCloud Threat Intelligence for Next Generation Firewall (NGFW), network administrators and security analysts can investigate which IPs impacting the network represent the highest risk and which can be trusted, so they can make better informed decisions when allowing or blocking IPs. When combining the Threat Investigator with BrightCloud Threat Intelligence for Security Information and Event Management (SIEM), security analysts can review prioritized IP reputation alerts, isolate the most malicious attack sources, quickly investigate the incidents and syslog data, and take appropriate action in a timely fashion. The BrightCloud Threat Investigator API is also available for Webroot technology partners to integrate with their own offerings.
“Today’s enterprises are faced with such vast quantities of threat information, millions of log entries, and thousands of SIEM alerts, and that can be overwhelming,” said Mike Malloy, executive vice president of products and strategy at Webroot. “The BrightCloud Threat Investigator provides a rich source of additional detail to help security analysts determine the right course of action, save precious time in the investigation and remediation process, and mitigate the costly effects of a breach.”
In order to identify the proverbial cybersecurity “needle in a haystack”, security personnel must use their time and resources wisely. The Webroot Threat Investigator makes this possible by leveraging the massive cloud infrastructure and machine learning technology in the Webroot® Threat Intelligence Platform. Analysts can examine individual objects and predict which of those are likely to be malicious based on their relationships with other internet objects. Webroot continuously monitors and maintains a database of over four billion IP addresses from which a dynamic list of approximately 12 million malicious IPs is updated every few minutes. The Webroot Threat Intelligence Platform correlates IP reputation data with URL, file, and mobile and PC application data to determine relationships between object types while providing a predictive risk score for each IP and URL.
For more information, please visit Webroot online at www.webroot.com/Webroot-BrightCloud-Threat-Investigator.