Palisade® Threat Intelligence Management and Analyst Workflow Platform 3.5 Release
The Leidos product engineering team announces the release of Palisade® 3.5. The latest version of our threat intelligence management platform includes improved search capabilities, an expansion of our API, increased support of STIX™ files and CybOX™ objects, and the ability to automatically extract indicators from a block of text to easily add to your database.
Search Efficiently and Report Effectively
Palisade enables analysts to recognize connections between incidents by storing all historical data in one location. Powered by Elasticsearch, related events can be quickly found and linked to one another to identify broader campaign activity. A comprehensive profile of adversary activity can be built to understand where, when, why, and how the attack was engineered and executed.
Investigation begins the moment an alert is generated. Analysts pull available data from each phase of the Cyber Kill Chain® to understand the progression of the attack (How did they get here?), the point of detection (Where did we stop them?), and then synthesize the trajectory of the uninterrupted attack (What could have happened?). Utilizing Elasticsearch, cyber analysts can search on indicators from an alert to identify potentially related incidents and determine if common tactics, techniques, and procedures (TTPs) validate association with a known campaign.
The latest version of our threat intelligence management platform includes an expanded version of our API, allowing your organization to push data to and pull data from Palisade and so integrate it with all of your security tools. This robust API can also help you automate the specific reporting needed to give leadership an understanding of the threats your organization is facing.
Streamline Sharing and Collaboration with Trusted Partners
Cyber-mature organizations find they’re in a position to emerge as a leader and trusted partner in their industry. Palisade 3.5 allows the importing and exporting of STIX™ version 1.2, as well as all other previous versions of this standard. This includes support for the Report construct, which can be used to give context to a set of STIX content. Additional CybOX™ objects can also be ingested, to ensure you can receive intelligence from external sources and share with industry partners on the latest threats.
A new capability to automatically extract indicators from a block of text and add them to your indicator database enables analysts to find relevant connections faster and link broader campaign activity for improved context. Data imported from trusted partners often describes an entire attack in detail, and its contents include numerous atomic indicators such as IP addresses, email addresses, and hash values. With Palisade, analysts can paste the text block into the alert details field. With the push of a button, indicators are extracted and parsed out so the analyst can review and select the indicators to be added to the database.
After alert details are added, the indicator extraction feature provides the analyst the ability to select or deselect indicators to add to the database and edit details as needed.
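As an added illustration of the extraction and review step described above (this is not Palisade's own code; the sample alert text, the defanging rules and the indicator patterns are constructed assumptions), a small Python extractor that normalises defanged partner text, pulls out IP, email and hash indicators, and lets the analyst deselect values before they are committed to the database:

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of partner-supplied alert text (not a real report);
# it uses the usual "defanged" notation so the extractor has to normalise it.
SAMPLE_TEXT = """
Phishing wave observed 2016-03-02. Sender: billing@invoice-update[.]example.
Attachment MD5 9e107d9d372bb6826bd81d3542a419d6, SHA256
D7A8FBB307D7809469CA9ABCB0082E4F8D5651E46D3CDB762D02D0BF37C9E592.
Beacons to 203.0.113.45 and 198.51.100.7 over 443; also hxxp://203.0.113.45/gate.php
"""

# Anchored with \b so a 64-hex SHA-256 is never also reported as an MD5 or SHA-1.
PATTERNS = {
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "sha1":   re.compile(r"\b[a-fA-F0-9]{40}\b"),
    "md5":    re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "ipv4":   re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "email":  re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
HASH_KINDS = ("sha256", "sha1", "md5")


def refang(text: str) -> str:
    """Undo common defanging so indicators match their canonical form."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def extract_indicators(text: str) -> Dict[str, List[str]]:
    """Return atomic indicators by type, deduplicated, in order of first appearance."""
    normalised = refang(text)
    found: Dict[str, List[str]] = {}
    for kind, pattern in PATTERNS.items():
        seen: Set[str] = set()
        values: List[str] = []
        for match in pattern.finditer(normalised):
            # Hashes are case-insensitive, so store them in one canonical form.
            value = match.group(0).lower() if kind in HASH_KINDS else match.group(0)
            if value not in seen:
                seen.add(value)
                values.append(value)
        found[kind] = values
    return found


def select_for_database(extracted: Dict[str, List[str]], deselected: Set[str]) -> List[Tuple[str, str]]:
    """Analyst review step: keep every extracted value except those explicitly deselected."""
    return [(kind, v) for kind, values in extracted.items() for v in values if v not in deselected]


if __name__ == "__main__":
    result = extract_indicators(SAMPLE_TEXT)
    for kind, values in result.items():
        print(kind, values)
    # The analyst drops the sender address before the rest goes to the database.
    print(select_for_database(result, {"billing@invoice-update.example"}))
```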
Incident Data Management and Intelligence in One Place
Palisade® can help your organization leverage your threat intelligence and take a more effective approach to computer network defense. By acting as the central tool for incident response and investigations, Palisade becomes the hub for SOC operations. Analysts now have a structured workspace to respond to cyber events and unearth intelligence that can be fed back into their defenses to create a more resilient environment.
A unified enterprise defense approach helps clients evolve from being purely reactive to producing and mining actionable intelligence to create a proactive posture. Palisade supports this approach by providing integrated case and intelligence management capabilities to enable and empower cyber analysts.
Find out how Palisade® can empower your team to turn incident response into incident prevention. Request a demo today.
Cyber Kill Chain is a registered trademark of Lockheed Martin.