Keepnet’s Threat Sharing technology enables community members to expand their threat intelligence reach by leveraging the collective network knowledge, reducing costs, and accelerating implementation.
Our Phishing Simulator and Awareness Educator modules minimize your employees’ susceptibility, and our Email Threat Simulator module proactively reduces the volume of inbox events. Our Incident Responder module is designed to catch successful phishing attacks!
Built to extend the capability and effectiveness of our patent-pending Incident Response platform, our Threat Sharing technology acts as an early warning network for all participants. There are three sources of threat sharing data.
Our Keepnet IRP is deployed at each node of the network providing inbox level incident reporting, investigation and response giving users maximum agility and reducing response time.
Intelligence Triggering Investigations
After finding any instances of an attack Keepnet IRP will now automatically share this intelligence to the rest of the community triggering investigations throughout the network.
In addition to data from the Keepnet IRP each organisation within the community can create a trust and reputation-based relationship with any other organisation on a decentralised, peer-to- peer basis using the Keepnet Threat Sharing APIs.
Data Sharing Based on Trust
Rules, Workflows and Playbooks are defined on a case by case basis to control how the intelligence from the partner organisation are actioned. High trust relationships can be automated, connections with lower trust scores can require independent verification of the threat analysis before taking action.
Third-Party Intelligence Sources
Another feature of our Threat Sharing APIs is the ability for any member of the network to share threat intelligence obtained via their other cybersecurity products and services.
Various Sandbox Technologies
Using the same peer-to-peer architecture described previously, one organisation using a certain sandbox product can share threat analysis data with another organisation who may be using a different sandbox technology.
This cross referencing provides a greater detection probability of malicious attacks.