Abuse Situation Awareness Solution

Abuse Situation Awareness combines the capabilities of different Clarified Networks tools into a uniform solution. Collect abuse feeds, process them and send out actionable reports with AbuseHelper. Gain and share situational awareness by visualizing the malicious activity with VSRoom. Pick the most significant cases for human analysis with Clarified Analyzer, or get more value from your existing sensors by supplying them with instructions to alert on and monitor for known malicious activity.

See how all the tools work together to provide full Abuse Situation Awareness.

Benefits

Users and Use Cases

The typical users of this solution are large enterprises, teleoperators and governmental organizations, such as law enforcement, CERT teams and the military. Whether you already process abuse feeds or are planning to start, you will benefit from the years of experience that have been put into the solution. With this solution you are also prepared to collaborate with other typical users, who together with you will jointly and effectively fight Internet crime.

Large ISP

Tap into public and private abuse feeds, and send out actionable reports internally to the incident response teams as well as to your enterprise customers. Respond to takedown notices with less effort. Integrate with your service desk information system, walled garden solution or already deployed sensor network. Visualize abuse information from different perspectives, such as how many infections are in your networks and what types of infections reside in different parts of the networks. Automate the reporting of critical cases, such as command and control servers, to regulators and law enforcement. Also automate countermeasures based on different criteria, such as the type of malicious activity. Finally, save on network equipment investments by reducing the high-bandwidth malicious activity in your network.

Large enterprise

Complement public and private abuse feeds by tapping into your organization's data sources, such as network documentation, provisioning systems and more. Send out actionable reports to the people responsible for cleaning the infections. Integrate with your ticketing systems, such as RT-IR, to fit the solution into your existing processes, which are now automated further.

National / governmental CERT

Tap into public and private abuse feeds, and send out actionable reports to national critical infrastructure providers (teleoperators, law enforcement). Integrate with an existing national sensor network to confirm findings and to gain new insight.

Law enforcement

Monitor for the most critical types of malicious activity based on different criteria, such as abuse types (dropsites, command and control servers in your country, victims of specific crimeware toolkits, and so forth). Get up-to-date reports about the criminal activities of interest to you without the need to tap into the actual traffic. Just automate the monitoring of publicly and semi-publicly available abuse feeds you might already receive. Build your investigations on real-time information and augment the reports with data available from additional query sources, such as Team Cymru's IP-to-AS service or passive DNS information.

Abuse Situation Awareness (last edited 2012-01-07 17:10:18 by 84)