Use case

Create customized defenses with contextual intel

Build a tailored defense system based on the unification of external threat intel and the hidden, contextual intelligence inside your enterprise.

Identify the IoCs that matter most

The Inception platform extracts IoCs and observables from suspicious files in your environment. Its inside-out approach ensures that the identified IoCs are applicable to your organization. This keeps the volume low while providing important context to your analysts about where each IoC came from and how your team can best defend against it.

These low-volume, targeted IoCs can be used to block adversary access via integration with your protection tools (firewalls, EDR, etc.) or used for enrichment of detection and response information.

Inception prioritizes threats inside your environment, while continuously analyzing your files against the latest threat intelligence from multiple sources, so that you can re-evaluate your findings as new information comes in.

The image at right shows an example of how Inception helps you identify IoCs in every file in your environment.
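The inside-out workflow described above, as an added illustration that is not Inception's own code: observables are extracted from files in the environment together with the file they came from (the context), and only those that also appear in an external feed are kept, so the feed's volume collapses to the handful of IoCs that actually matter. File contents, feed entries and the regexes are constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample "files from the environment": filename -> raw contents.
# Made-up data for this example, not taken from the page or any real incident.
ENVIRONMENT_FILES = {
    "macro_invoice.doc.txt": b"connect to update.example-cdn.test then 203.0.113.10:443",
    "installer.log": b"fetched from 198.51.100.7; sha256 " + b"a" * 64,
    "notes.txt": b"lunch at 12:30, no indicators here",
}

# Constructed external feed (indicator -> feed name). A real feed has millions
# of entries; only a few documentation/test-range values are used here.
EXTERNAL_FEED = {
    "203.0.113.10": "feed-A",
    "bad.example.test": "feed-B",
    "a" * 64: "feed-C",
    "192.0.2.99": "feed-A",
}

# Deliberately simple observable patterns (IPv4, hostname, SHA-256). Production
# extraction would also defang, validate octets and parse structured formats.
PATTERNS = {
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(rb"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    "sha256": re.compile(rb"\b[a-f0-9]{64}\b"),
}

def extract_observables(files):
    """Return {observable: {"type": kind, "sources": {filename, ...}}}.

    Keeping the set of source files per observable is the provenance an
    analyst needs to judge where an IoC came from."""
    found = defaultdict(lambda: {"type": None, "sources": set()})
    for name, data in files.items():
        lowered = data.lower()
        for kind, pattern in PATTERNS.items():
            for match in pattern.findall(lowered):
                value = match.decode()
                found[value]["type"] = kind
                found[value]["sources"].add(name)
    return dict(found)

def prioritize(observables, feed):
    """Keep only feed IoCs actually observed in the environment, with context."""
    hits = [{"ioc": value, "type": info["type"], "feed": feed[value],
             "seen_in": sorted(info["sources"])}
            for value, info in observables.items() if value in feed]
    return sorted(hits, key=lambda hit: hit["ioc"])
```

Re-running `prioritize` with an updated feed against the stored observables is the "re-evaluate as new information comes in" step.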

Why isn’t traditional threat intel more actionable?

The sheer volume of threat intel observables and IoCs is overwhelming and unmanageable. If you’re like most enterprises, you subscribe to more than a dozen threat intel feeds from various sources that generate millions of IoCs every day that you simply can’t consume.

Low-quality and irrelevant threat intelligence causes inferior security outcomes and wastes precious resources. Most threat feeds lack context and thus analysts do not have a good way of figuring out which IoCs are critical to your organization and which can be ignored.

The intel is stale. By the time it reaches the feeds, adversaries have likely moved their activities to other venues.

Current approaches don’t support operationalizing threat intelligence at scale. Existing tools don’t allow the testing of hundreds of file hashes or YARA rules a day. It’s hard to understand how much threat coverage your threat intelligence provides and where the biggest gaps are.

Transform intel into knowledge

The Inception platform enables you to operationalize your threat intelligence from many sources: vendors, ISACs, and open source, while prioritizing and refining the intelligence extracted from your environment. You can:

  • Continuously evaluate your environment against newly emerging intelligence
  • Use your customized intel to create novel defenses
  • Identify never-before-seen indicators of compromise

By understanding first what is happening inside your own environment, you have the context to interpret, tailor, and apply threat intelligence in a way that is specific and unique to your organization. And by operating in this way, you move from being a consumer of threat intelligence to a security practitioner with actionable security knowledge.

Who’s using it

Organizations and security teams in all industries find value in Inception:

  • Threat intelligence and hunting analysts benefit from high-confidence, fresh threat intel IoCs tailored for their environment. This keeps the volume low while providing important context to the analysts about where each IoC came from and how it can help them defend the organization.
  • SOC analysts are able to use Inception tools to up-level their threat analyst skills.
  • Incident response engineers can respond to attacks more efficiently and protect against future attacks by blocking bad actor IoCs.
  • Detection engineers can efficiently harvest custom threat intel and use it to write YARA-based detection rules and enrich detection and response information.
  • CISOs are able to scale and operationalize their team’s threat intelligence programs with a focus on the IoCs that matter most to their organization.