Early-warning-as-a-service for extended enterprise networks

At RSA Conference 2015, Norse introduced the Norse Intelligence Service, a unique fusion of automated and human threat monitoring and analysis that offers “early warning as-a-service” for the very large extended enterprise networks.

Even in the most security-savvy companies, only 20 percent of attacks are identified by internal security organizations, according to the 2014 Verizon Data Breach Investigations Report. To make matters worse, security and intelligence talent is virtually impossible to hire.

The Norse Intelligence Service helps Fortune 500 companies and government organizations address this by combining a globally distributed network of attack sensors — the Norse Intelligence Network — with automated actuarial-based risk scoring and scalable, on-demand human intelligence analyst expertise.

Offering around-the-clock continuous threat monitoring, the service patrols complex intertwined customer, partner and supplier networks from the outside-in to identify compromised systems, spot malicious activity and track attacks while they are still underway. The service helps subscribers catch incursions and exfiltrations early to head off more massive breaches and limit losses.

Automated attack telemetry from the global Norse Intelligence Network is refined and enriched by Norse’s in-house team of professional cyberintelligence and counterintelligence fusion analysts, then delivered directly to customers. The Norse Intelligence Service includes detailed threat reports, delivered as needed, that distill mountains of intelligence data into concise customized recommendations that executives can act on. Written by Norse professional analysts hand-picked for each customer, these reports provide the irreplaceable human touch and an expert’s critical eye.

Requiring no on-premise hardware or software, the Norse Intelligence Service can be configured to focus on a single network, or take a broader view to find compromises on intertwined customer, supplier and partner networks.

A web-based dashboard shows attacks on or emanating from networks, and provides detailed forensic data to help analysts pursue deeper investigations. Attacks and indicators of compromise (IOCs) can be filtered and sorted by geolocation of aggressors or targets, protocol, device type, traffic volume, attack velocity or risk score. This can help in-house security professionals use their existing tools more effectively to quickly disqualify benign events and focus in on more dangerous incursions.

Alerts can be delivered through the Norse portal or via email, and more urgent alerts can be sent by SMS. The Norse Intelligence Service also provides enterprise SOCs (security operations centers) with visual alerts using a version of the popular Norse Attack Map (map.norsecorp.com) tailored to each customer’s assets and networks of interest.

“The need for expert threat monitoring and analysis has never been greater, but intelligence experts have never been more difficult to hire, with even the largest, most sophisticated organizations having trouble filling the talent gap,” said Tommy Stiansen, CTO and co-founder of Norse. “Meanwhile, the threat landscape has become wildly asymmetric, with individual companies overwhelmed by daily attacks from nation-states, terrorist organizations, multinational organized crime syndicates and thousands of hackers. The new Norse Intelligence Service is designed to fill that talent gap, and level the playing field.”