Devo Collective Defense empowers security teams with community-driven threat intelligence

Devo Technology has launched Devo Collective Defense, a threat intelligence feed within the Devo Security Data Platform that provides community-based intelligence sharing of threat activity and trends.

Devo is also unveiling updates to Devo Exchange and its MITRE ATT&CK Adviser application.

In addition to the expanding threat landscape and the increased sophistication of attacks, analysts confront unique difficulties. They must not only contend with the overwhelming volume of threat data but also grapple with the uncertainty of knowing if what they observe is part of a broader threat trend.

To help analysts overcome these challenges, Devo Collective Defense leverages Devo’s massive ingestion ability to analyze millions of data points across thousands of domains. This data diversity delivers a comprehensive view of the threat landscape and provides security teams with collective knowledge and insights, augmenting their ability to thwart attacks.

More specifically, Devo Collective Defense:

  • Securely analyzes alert data to rapidly identify actionable intelligence, trending and emerging threats and Indicators of Compromise (IOCs).
  • Delivers a high-value intelligence feed to Devo users, providing information about emerging threats and IOCs, minimizing the potential impact of breaches.
  • Enhances threat context by providing Devo users with contextual information about the Tactics, Techniques and Procedures (TTPs) employed by threat actors.

“The complexity of the IT environment is causing organizations’ attack surfaces to expand beyond their capacity to manage them,” said Michelle Abraham, research director, security and trust, IDC. “Access to a community-based intelligence sharing program such as Devo Collective Defense enables organizations to make smart decisions for more rapid identification of emerging threats and easy-to-action insights.”

More community-based enhancements and updates

Devo also continues to update and create new content for organizations to leverage and augment their security team’s knowledge. These additional enhancements include:

Devo Exchange updates: Redesigned Devo Exchange alert content lets users control which alerts are installed in each alert pack, enabling better workflow management. Devo continues to add new content to Devo Exchange, including Activeboards for Azure, Office365 Active Directory, and an overview of Zscaler proxy activity. Additionally, 300 new alert packs cover an array of common technologies such as Google Cloud, G-Suite, Microsoft Windows, Office365, and Linux.

MITRE ATT&CK Adviser updates: The Devo MITRE ATT&CK Adviser maps alerts and log sources to MITRE ATT&CK tactics and techniques to derive a coverage score against the framework and identify gaps. Users can now specify whether certain alerts, techniques or log sources are relevant, improving its recommendations. New multi-domain filters provide multitenant organizations with the ability to view their coverage from a single screen.

“These latest enhancements strengthen our customers’ security posture by enabling them to meet growing data security requirements at scale,” said Chaz Lever, senior director of security research, Devo. “By bringing security professionals together, sharing threat intelligence and providing curated content, our security data platform empowers organizations to fortify their defenses confidently and reinforces our belief that the collective is greater than the sum of its parts.”
