20 March 2024

GLIMPS and SEKOIA.IO: an example of interoperability against malware


GLIMPS and Sekoia.io combine AI-based malware analysis (GLIMPS Malware Expert) with the Sekoia Defend platform, which pairs threat-intelligence-driven anticipation with automated detection and response, to speed up detection and enrich analyst workflows.

This integration was born through the Open XDR Platform and continues within the OXA framework. It lets SOC teams automate file analysis, enrich alerts with behavioural verdicts and trigger actionable responses without leaving the Sekoia.io and GLIMPS consoles, which makes for rapid and coordinated responses to sophisticated cyber threats.


The integration of SEKOIA.IO in GLIMPS Malware enriches analysis results

GLIMPS Malware Expert natively integrates a SEKOIA.IO connector, which provides a first level of automatic enrichment for analyses that match known threats. It gives Malware Expert users an overview of the contextual information that SEKOIA.IO holds on malware identified by GLIMPS.

And in practice?

After analysis by GLIMPS Malware Expert, the complete threat characterization is displayed in your interface. If the threat is known to SEKOIA Intelligence, the integration also displays its malware sheet, a first level of contextual information on the threat.

With a single click, users who are SEKOIA Intelligence customers can pivot into the SEKOIA.IO platform and benefit from everything known about the malicious code analysed: its modus operandi, its targets and the indicators that characterize it. This makes it much easier to choose the right detection and remediation actions.

To visualize the results provided by SEKOIA, you need a SEKOIA Intelligence API key. That key is a credential to your CTI subscription: store it in the connector configuration as a secret rather than in shared scripts or screenshots.

[Figure: threat description in GLIMPS Malware Expert] Preview of the threat description provided by SEKOIA.

[Figure: known IOCs and observables] Preview of the known IOCs from SEKOIA and the observables, with pivot links that switch from the GLIMPS Malware Expert interface to that of another tool (including SEKOIA).

[Figure: SEKOIA interface reached through the pivot links] Preview of the interface accessed through the pivot link to SEKOIA.

The added value: enhanced threat understanding

Using SEKOIA Intelligence's operational intelligence, the analyst can immediately understand the nature of the threat identified by the GLIMPS detection engine, in order to:

– consolidate cross-referenced information on the targeted threat in a single interface

– accelerate tactical decision-making and operational responses by providing context around the identified threat.

The combination of GLIMPS' detection power and SEKOIA Intelligence's knowledge lets analysts grasp the scale of the threat immediately, and Mean Time to Detect (MTTD) drops accordingly.

Switching to the full SEKOIA.IO interface, for SEKOIA Intelligence customers, gives access to the complete CTI knowledge of the identified threat in order to counter it; this time it is Mean Time to Respond (MTTR) that improves significantly.

The integration of GLIMPS Malware in SEKOIA Defend to automate alert verification and in-depth analysis

The aim of this integration is to automate the investigation and in-depth analysis of files linked to alerts from different sources, directly in the SEKOIA Defend console.

The GLIMPS connector in SEKOIA Defend can be configured in a matter of seconds using two elements:

– the URL of a GLIMPS Malware instance

– a GLIMPS API key

Once configured, an enrichment and analysis playbook becomes available in SEKOIA Defend, which makes it easy to call GLIMPS Malware, either to submit a file or to retrieve an existing analysis.

In just a few seconds, a summary result is obtained, including:

– file status: Malicious | Suspect | Safe

– threat score

– malware family

– link to the full GLIMPS interface

[Figure: diagram of the integration between GLIMPS and Sekoia.io]

What added value?

Using GLIMPS Malware Expert from the SEKOIA Defend XDR makes it possible:

to speed up decision-making

The in-depth file analysis provided by GLIMPS contributes to a rapid understanding of the threat and access to a very precise level of detail on each detected threat. The information extracted and shared on the platform also facilitates the implementation of security rules.

to automate alert processing

With this integration, every alert that references a suspicious file can be processed automatically. For example, as soon as an alert is raised, the file associated with it can be sent to GLIMPS for further analysis and characterization of the threat, with no analyst action required.

to optimize resources

By automating redundant tasks and simplifying malware analysis, security teams can focus on the most complex threats, and reduce the time spent triaging alerts and clarifying doubts.

to facilitate incident response

Once the malware analysis is received by the SEKOIA.IO playbook, further corrective actions can be automated via the SEKOIA.IO platform. For example, if a system is identified as being infected by a specific ransomware, the SEKOIA Defend XDR can automatically trigger containment measures to isolate the infected system from the rest of the network, preventing the threat from spreading.
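The following is an added example, not GLIMPS or Sekoia.io code, of the playbook step described above and of the summary result listed earlier (status, score, family, link): it keys analyses on the file hash so that the same file seen in several alerts is only submitted once, maps each verdict to a response action, isolates the host only for ransomware families or very high scores, and routes any unexpected status to a human rather than closing the alert. The field names, the 0-100 score scale, the action names, the family list and all sample alerts and verdicts are assumptions constructed for the example.

```python
"""Playbook-side triage of GLIMPS Malware verdicts (illustrative example only).

Not GLIMPS or Sekoia.io code: field names (sha256, status, score, malware_family,
link), the 0-100 score scale, action names and the family list are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample verdicts, shaped after the summary result the article lists.
SAMPLE_VERDICTS: List[Dict] = [
    {"sha256": "a" * 64, "status": "Malicious", "score": 98, "malware_family": "LockBit",
     "link": "https://glimps.example.invalid/analysis/1"},
    {"sha256": "b" * 64, "status": "Suspect", "score": 55, "malware_family": None,
     "link": "https://glimps.example.invalid/analysis/2"},
    {"sha256": "c" * 64, "status": "Safe", "score": 2, "malware_family": None,
     "link": "https://glimps.example.invalid/analysis/3"},
    # A failed analysis: the playbook must never auto-close on this.
    {"sha256": "d" * 64, "status": "Error", "score": None, "malware_family": None, "link": None},
]

# Constructed alerts: A1 and A2 reference the same file hash.
SAMPLE_ALERTS: List[Dict] = [
    {"alert_id": "A1", "host_id": "ws-01", "sha256": "a" * 64},
    {"alert_id": "A2", "host_id": "ws-02", "sha256": "a" * 64},
    {"alert_id": "A3", "host_id": "ws-03", "sha256": "b" * 64},
    {"alert_id": "A4", "host_id": "srv-01", "sha256": "c" * 64},
    {"alert_id": "A5", "host_id": "srv-02", "sha256": "d" * 64},
]

# Illustrative set of families for which host isolation is justified on first sight.
RANSOMWARE_FAMILIES: Set[str] = {"lockbit", "conti", "blackcat"}


@dataclass(frozen=True)
class ResponseAction:
    action: str          # ISOLATE_HOST | QUARANTINE_FILE | ESCALATE | CLOSE_ALERT | MANUAL_REVIEW
    reason: str
    sha256: str
    link: Optional[str]  # deep link to the full GLIMPS interface for the analyst


def decide(verdict: Dict, host_id: str,
           ransomware_families: Set[str] = RANSOMWARE_FAMILIES,
           isolate_score: int = 90) -> ResponseAction:
    """Map one verdict to one action, failing safe on anything unexpected."""
    sha256 = verdict.get("sha256", "")
    status = (verdict.get("status") or "").strip().lower()
    family = (verdict.get("malware_family") or "").strip().lower()
    score = verdict.get("score")
    link = verdict.get("link")

    if status == "malicious":
        # Ransomware, or a very high score, warrants containing the host itself;
        # other malicious files are quarantined and the alert stays open.
        if family in ransomware_families or (isinstance(score, int) and score >= isolate_score):
            return ResponseAction("ISOLATE_HOST", f"{family or 'malicious file'} on {host_id}", sha256, link)
        return ResponseAction("QUARANTINE_FILE", f"malicious, family={family or 'unknown'}", sha256, link)
    if status == "suspect":
        return ResponseAction("ESCALATE", "suspect verdict, analyst review needed", sha256, link)
    if status == "safe":
        return ResponseAction("CLOSE_ALERT", "GLIMPS verdict Safe", sha256, link)
    # Error, timeout or missing status: never auto-close, hand over to a human.
    return ResponseAction("MANUAL_REVIEW", f"unhandled status {status!r}", sha256, link)


class VerdictCache:
    """Re-use existing analyses: key on the file hash, not on the alert."""

    def __init__(self) -> None:
        self._by_hash: Dict[str, Dict] = {}
        self.submissions = 0  # how many times GLIMPS was actually called

    def analyse(self, sha256: str, submit: Callable[[str], Dict]) -> Dict:
        if sha256 not in self._by_hash:
            self.submissions += 1
            self._by_hash[sha256] = submit(sha256)
        return self._by_hash[sha256]


def fake_submit(sha256: str) -> Dict:
    """Stand-in for the GLIMPS call; returns the constructed verdict for a hash."""
    return next(v for v in SAMPLE_VERDICTS if v["sha256"] == sha256)


def run_playbook(alerts: Iterable[Dict],
                 submit: Callable[[str], Dict]) -> Tuple[List[ResponseAction], int]:
    """Enrich each alert with a verdict and decide the response; returns actions and call count."""
    cache = VerdictCache()
    actions = [decide(cache.analyse(a["sha256"], submit), a["host_id"]) for a in alerts]
    return actions, cache.submissions


if __name__ == "__main__":
    results, calls = run_playbook(SAMPLE_ALERTS, fake_submit)
    for alert, act in zip(SAMPLE_ALERTS, results):
        print(f"{alert['alert_id']} on {alert['host_id']}: {act.action} ({act.reason})")
    print(f"GLIMPS submissions: {calls} for {len(SAMPLE_ALERTS)} alerts")
```

Two design points matter here: the cache is keyed on the hash so a campaign that drops the same payload on many hosts costs one analysis, and only the three documented statuses map to automatic actions; anything else (an analysis error, a timeout, a malformed result) lands in front of an analyst, because an automated containment path that silently closes alerts on failure is worse than no automation.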


To find out more about SEKOIA.IO:

SEKOIA.IO is Europe’s leading cybertech provider of Extended Detection and Response (XDR) solutions based on Cyber Intelligence (CTI). Its mission is to provide companies and public organizations with the best possible protection against cyber attacks.

By combining threat anticipation based on knowledge of attackers with automated attack detection and response, the SEKOIA Defend SOC platform gives security teams a veritable control tower over their information systems. Its interoperability with third-party solutions and compliance with international technical standards let organizations take full advantage of their existing technologies. SEKOIA.IO gives its customers the means to focus their human resources on high value-added missions, optimize their cyber defence strategy and thus regain the advantage in the face of advanced cyber threats.

To find out more: www.sekoia.io, the Sekoia.io blog, LinkedIn and Twitter.
