- Indicators of Compromise - IOCs (...although Indicators of Compromise seems too late. I think I'd rather have a vaccine!). IOCs are things like domain names, IP addresses, email addresses of senders of malicious email, etc. Depending on who you ask, there might be a hundred or so different kinds of IOCs.
- The context by which you prioritize your work: You need a way to know which of those millions of IOCs you implement in your network first, which come after that, and what you need to think about next month (or which ones you tell your MSSP to implement on your behalf). This is really hard. The context by which you prioritize your defenses can mean the difference between a normal Monday - Friday week of ten-hour workdays, or a seven-day week of 22-hour workdays with a short nap, a Mountain Dew and a bag of Cheetos before starting all over again.
- Want intelligence through a collaborative? For those who know the value (it's HUGE btw), we have that in Red Sky Alliance and Beadwindow. Our members get the analysis produced by the lab and, when needed, crowdsource the analytics. Sometimes they simply have more to add. It's very cool, and works like you wouldn't believe!
- Need answers to hard problems? We do research and author point project reports. In one case, we identified an application sold by one large company to another, and 15G of exfiltrated, encrypted .rar files from what we believe was the trojan'd application. In another, we authored a country study on Iceland for those considering using Icelandic datacenters as an offshore option.
- Looking for context for your SE/IM? We can help with that too. We're collecting information from about 500 highly targeted honeypots, adding more daily. The information we get is high confidence, with nearly no latency, and in many cases, 0-day. This stuff is the perfect feeder for gateway anti-virus, DLP, email filtering, and spam solutions. Yes, we can feed your ArcSight, and your brain.