Overview
IKANOW Threat Analytics helps adjust the levers of your enterprise to cohesively align strategic, tactical, and operational functions. Threat Analytics first simplifies the data ingestion process by giving your analyst team tools for ingestion and curation without the need for customized development. By using this single sheet of sterilized data, threat intel and attack surface information can then be fused, applying filters or removing unnecessary data points.
The alignment of the strategic, tactical, and operational facets of your organization is achieved by the Threat Analytics platform through a tight integration with organizational roles. Role-based access to cascading scorecards enables the right individuals to have access to critical data and visualizations when needed, driving changes to keep overall security posture aligned.
Audience
Organizational functions are mapped to user roles as follows:
Strategic: CISO
Tactical: Director of Threat Intel
Operational: Analyst, IT Security Engineer
Description of Roles
CISO:
Chief Information Security Officer. Is the senior-level executive within his organization responsible for securing information assets and technologies.
Director of Threat Intel:
Obtain daily snapshot of all analyst activities, active or possible threats and ensure security teams are closing vulnerability gaps.
Features
This alignment of an organizations various functional areas is easily achieved using Threat Analytics platform. The following core features make it easy to ingest, curate and visualize the pertinent data.
Ingestion
There are no limits to the types of information that can be ingested, using our three-step process. Using structured, unstructured and semi structured information, from logs to social media all data can be easily absorbed into the Threat Analytics platform.
To learn more about ingesting data into the platform, see section Manager.
Curation & Fusion
While adding any data sources is a huge benefit it is also necessary to perform cleansing and ongoing data hygiene. Visually associating and combining data sources helps to align relationships within internal and external data. It is not necessary to hire a developer or contact your vendor to perform these tasks.
For more information, learn more about the Source Builder.
Visualize & Collaborate
Tools must be designed to discover patterns and anomalies. Visualizations can be shared with team members throughout the analytical process. Enterprises can therefore create the necessary structures to perform self-learning to develop an accurate pictures of results.
For more information, see section Project Workspace, and Search.
Cascading Scorecards
Since each enterprise is different, a set of scorecards will aid your stakeholders so they can measure and monitor critical security information in an adaptive way. On-going measurement that changes as you do.
For more information, see section Project Workspace.
Next Steps:
- Familiarize yourself with the core concepts of the Threat Analytics platform.
- Learn how to ingests data sources using the Manager.
- Learn how to visualize data sources using Project Workspace and Search.
In this section:
Related Procedural Documentation:
Introduces you to the basic concepts of Threat Analytics source management, before taking you through some common procedural workflows for getting up-and-running with source management.
Wizard-based interface for ingesting data sources.
Workspace for User Access, Dashboards, Cascading Scorecards etc.
Query the platform and view the search results as Threat Analytics documents (entities, associations, geo and temporal data etc.)
Related Interface References:
Quick reference field definitions for the Manager interfaces.
Project Workspace Interface Reference
Quick reference field definitions for the Project Workspace interfaces.