Flashpoint announced on April 24 that it is updating its Business Risk Intelligence (BRI) platform with new capabilities designed to help organizations get more actionable value from threat intelligence data.
Flashpoint is in the business of providing threat intelligence to organizations about potential risks from different threats and attackers. In the new Flashpoint platform update, the company is integrating visibility into account and card shops from the dark web, where attackers trade and sell user and payment card information. Insight into how known application vulnerabilities are being used by threat actors is also enhanced, alongside an improved dashboard to make it easier for organizations to prioritize and utilize threat data.
Flashpoint is also adding new alerting capabilities to its platform for industry alerting on threats that impact specific verticals.
"We've seen that organizations want to keep their finger on the pulse of what's going on in their industry or their sector," Josh Lefkowitz, Flashpoint's CEO, told eWEEK. "So what we've done is we've built multilanguage keyword patterns that are specific to the requirements of particular verticals."
For example, Lefkowitz said retail organizations will be most interested in finding out about new point-of-sale malware variants, while in the legal community insider threats are a primary focus.
Account and Card Shop Data
The dark web intelligence for account and card shops is new data that Flashpoint is now exposing to its customers. Lefkowitz said that Flashpoint already had access to those data sets, but the data was not directly presented to customers. Rather, the account and card shop data previously was only available in finished intelligence reports that Flashpoint provided to customers.
Lefkowitz explained that organizations can use their direct access to account and card store dark web data for a variety of purposes. For example, with compromised credit card data information, an organization can perform analytics to determine different trends about exploitation and identify if certain types of cards are at greater risk than others.
Account shop data is also particularly useful at this point in time, given the rise in credential stuffing attacks. With a credential stuffing attack, attackers use stolen usernames and passwords on multiple sites in an attempt to exploit users who reuse the same information on more than one site.
"What we've done with exposing account shops is help customers better understand the scope and threat of compromised credentials that are being sold in the underground of the internet," Lefkowitz said. "There's just an absolute deluge of compromised login credentials … being traded in the underground that are being monetized and then used for a variety of different attack schemes."
Business Risk Intelligence
In previous releases of its platform, Flashpoint has emphasized its security intelligence API, which enables programmatic access to the company's threat intelligence data. In the new update, the emphasis is on the dashboard, which provides users with a graphical user interface to visualize threat information for business risk intelligence.
"We've seen a real appetite for a vulnerability dashboard that really helps organizations firefight and triage the avalanche of CVE vulnerabilities that they're being asked to make sense of and help to guide their prioritization process when it comes to patching," Lefkowitz said.
He added that Flashpoint is currently building different integration points for its dashboard to help organizations make use of the data inside of other technologies that are used within Security Operations Centers (SOCs).
Flashpoint is not alone in the space for threat intelligence, which has become increasingly crowded in recent years.
"One way that we've differentiated ourselves is with the recognition that there needs to be a use-case based approach that really resonates across the enterprise," Lefkowitz said. "We've coined the term ‘business risk intelligence’ to signal that this is not just about feeding malicious IPSs and hashes into the SOC, but rather it's about working with fraud teams, insider threat teams, corporate security teams to help them drive better decision making."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.