Responding to security incidents today is rarely a straightforward process. Investigative actions are performed by disparate personnel and teams who may be siloed and rely on “cut and paste” workflow, unwieldy spreadsheets, and awkward email chains to share information and put together reporting needed by key stakeholders throughout an organization. These inefficient administrative processes take away valuable time that’s needed for analysis and investigation.
Teams today need an effective way to quickly to visualize incidents, enrich data from multiple sources, share and collaborate with other teams in real-time, and preserve and report the results – all from a single interactive workspace. We’re excited to announce a new integration between FireEye Threat Intelligence and King and Union’s Avalon platform that will help teams improve these incident response processes and reduce the amount of time spent on manual, administrative tasks – giving them more time to focus on security.
Avalon is a SaaS link analysis platform that enables teams to work together in real time within a single interactive workspace to quickly visualize and investigate threats, review and share investigative results and then easily create and deliver reporting to the right person in the right format. FireEye Threat Intelligence has been recognized as the sole Leader in the Forrester New Wave™ for External Threat Intelligence Services, Q3 2018 report. Working together, this integration enables security teams to automatically visualize and enrich threat data with FireEye Threat Intelligence as well as integrate it with other internal or external data sources – allowing security teams to work as efficiently as possible.
Here’s a quick walkthrough to show you how:
Using FireEye Threat Intelligence for enrichment within Avalon is easy. Simply set up an API key, drop an indicator in the Avalon workspace and click enrich to pull in data from FireEye Threat Intelligence. You can also pull in additional threat data from other internal or external sources into the workspace for further enrichment.
Interact & Visualize
Avalon workspaces provide analysts, IR teams, and others with a centralized place to work together in real-time on an incident. Creating trusted groups allows multiple analysts and teams -both inside or outside the organization – to work together in the Avalon workspace to interact with the link-analysis graph, enrich the artifacts with additional data, chat and collaborate on the incident in real-time – saving valuable time and resources.
Deliver & Preserve
Once the investigation is complete, you can easily deliver finished intelligence and reporting to key stakeholders directly from Avalon in a format that works best for them. Using Avalon as a centralized knowledge management repository, FireEye Threat Intelligence data can be continually populated with the latest data and analysis and any new investigations in the future can be automatically enriched from previous ones.
Working together, Avalon and FireEye Threat Intelligence empowers analysts and security teams to more efficiently visualize and enrich data, work together to investigate threats, quickly take needed actions, and greatly reduce the time spent on manual and administrative tasks to create and deliver investigation results to key stakeholders throughout your organization.