October 5, 2016

What we offer

  1. IDENTIFY IMPLICIT RELATIONS between documents of different types:
    • Auto-tagging of documents to identify their class(es) based on text content analysis. Classes such as “vulnerability”, “exploit”, “generic attack description”, “technical attack description”, “patch/fix”, “update”, “IoC” and “course of action” can be identified.
    • Discovering relations between documents from different classes: a vulnerability and its corresponding exploits, an exploit and the respective attack description, an attack and an advisory describing its possible mitigation

  2. ASSISTANCE IN CREATION AND DISTRIBUTION OF ADVISORIES – CÆSAIR provides suggestions for generating warnings / advisories about:
    • vulnerable software/hardware products (based on current threat landscape and vulnerability descriptions),
    • potential counter-measures for a threat, found as related documents with the tag “patch/fix” or “course of action”,
    • recipients of the warning (based on asset information provided by end users). Warnings / advisories are sent out to the recipient list, or are available on demand (including the historic data).

  3. TOOLTREND ANALYSIS – keep track of the evolution of the IT security landscape by observing:
    • How the vulnerability of a software/hardware product changes over time.
    • How timely a software vendor releases a fix after an exploit is disclosed.
    • Which products on the market are most exposed to security threats.
    • What are the top N non-trivial frequently co-occurring concepts in CTI.

  4. INTERACTION WITH EXISTING SOLUTIONS for threat and incident handling – CÆSAIR’s analytical functionality can be accessed through a friendly graphical user interface, as well as via APIs. This means that CÆSAIR can be:
    • deployed as a full-fledged standalone installation,
    • run “as a service” on data collected from third-party solutions, such as threat sharing or incident handling solutions, and/or direct its output to such solutions. This allows the integration of CÆSAIR with open-source (such as IntelMQ and MISP) or commercial products.