Lookingglass Cyber Solutions, a provider of cyber threat intelligence management solutions, recently added new workflow and data integration enhancements to its flagship product, ScoutVision.
ScoutVision, Lookingglass’ Cyber Threat Intelligence Monitoring and Management Platform, connects, collects and processes cyber threat indicators and intelligence and provides security teams a “workspace” to research, manage and monitor cyber activity and infrastructure that affect enterprise risk.
The latest version of ScoutVision (v4.3) offers broader capability, scale and system wide integration improving the overall collection, exploitation and workflow, the company said.
The new features are designed to help organizations leverage threat intelligence and assist security teams in managing threat intelligence more efficiently.
Key features and enhancements to ScoutVision include:
System Wide
• New Cyber Heads up Display (CyberHUD) Behavior – Provides a “watchlist” style, alerting interface. New indicators added into a monitored network space will be highlighted for the user. Users will also be able to “clear” the watchlist as they vet and address the events that caused an alert situation.
• Communications Page Redesign – Simplified and new paging and sorting functions of telemetry and log data to assist users with reduction and prioritization.
• Bulk import – Users can now bulk import and tag thousands of IP addresses directly via the user interface (UI). This allows users who wish to tag large sets but do not want to do command line scripting to quickly import data sets they have in other systems/formats.
Analyst Workspace
• Streamlined User Interface (UI) – Updated look and feel adapted to user’s task focused workflow to make it easy to navigate across network elements.
• Scalable Collection & Exploitation Architecture – The new architecture enables faster database writes and includes supports metadata for collection sources.
• Historical Timestamps – Provides 90-days of historical indicators associated with specific network entities to track threat activity and observe changes that occur over time.
• Premium Indicator Sources – New data relationships enable expanded integration with trusted industry threat sources available through a single analyst workspace.
• Collaboration – Improved project import/export functionality enables sharing of information between Lookingglass customers.
Expanded Tagging
• Domains – Users can directly associate tags to fully qualified domain names (FQDNs) directly via the UI.
• Indicator and Tag History – The system displays a minimum of 90-days of indicators and/or user tags associated with a network element over time.
• Unannounced Classless Inter-Domain Routing (CIDRs) Ranges – Users can tag unannounced CIDR ranges to monitor for threat data aggregated for unannounced IP address space.
ScoutVision is deployed as an appliance and can be extended into existing security systems and information through a comprehensive API.
“Our latest release was driven by our customers’ input and necessary architecture changes to support our future roadmap,” said Chris Coleman, Lookingglass president and chief executive officer. “These improvements to our intelligence processing architecture, data persistence and intelligence navigator bring effective and efficient threat data and threat intelligence management and monitoring to our clients.”