For years, ArcSight has consistently appeared on multiple Top SIEM Software lists, including Gartner's Magic Quadrant. Security professionals leveraging ArcSight are further empowered by its multiple partner integrations, which now include CyberTotal, developed by CyCraft, a leading cybersecurity firm in Asia.
CyberTotal Integrates with ArcSight
CyberTotal is a cloud-based threat intelligence service that is uniquely suited to aid SIEM SOC analysts by seamlessly integrating multiple diverse CTI sources, open-source intel, and our proprietary threat intelligence on international threat actors, their behavior profiles, and much more.
Employing the CyberTotal platform helps security teams quickly verify alerts and triage threats appropriately via automated correlation analysis and knowledge base optimization.
The intuitive CyberTotal Dashboard allows security teams to access large numbers of artifacts, each enriched with contextual threat information, and at the same time improves your team's efficiency and accuracy by automatically prioritizing indicators of compromise (IoCs).
Your team will be able to focus on the most critical and urgent alerts and have a head start via the contextual information provided by the platform.
Faster Alert Validation, Triage, and Investigations
Security teams spend much of the day validating and triaging alerts. CyberTotal saves human capital and increases productivity by automating the research that validation and triage require.
By aggregating multiple cyber threat intelligence sources from around the world, CyberTotal can automatically provide security teams with contextual threat intelligence for each indicator, such as reputation, severity, confidence, threat score, OSINT, WHOIS, passive DNS, component analysis, vulnerability evaluation, and more.
Using CyberTotal, SOC analysts can rapidly validate alerts by looking at the severity and confidence of the associated indicators. The same scores let analysts triage alerts by priority, removing the time-consuming task of weeding out false positives by hand.
You can further query the CyberTotal API to validate, enrich, or gain context on suspicious indicators, or use the dashboard to drill down through our graph database of threat intel and determine whether an artifact is malicious, or associated with other malicious indicators, during investigations.
CyberTotal not only aggregates multiple international cyber threat intelligence sources but also enriches your threat intelligence with a host of contextual information of network, file, vulnerability, and actor related data.
If your organization's firewall or proxy logs are collected in ArcSight, CyberTotal can inspect each target IP, domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard (see Figure 4) or the daily/weekly statistical report (see Figure 3) to speed up the security operations workflow.
You can even call CyberTotal's API to get the latest blacklist data on malicious domains, URLs, IP addresses, and hashes, which you can use to hunt for threats in your organization or plug into your EDR solution.
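The following is an added example, not CyCraft's or ArcSight's code, of the validation and triage step described above: events are assumed to arrive in ArcSight's Common Event Format (CEF), the destination IP, host and URL are pulled from each proxy or firewall event, and each artifact is looked up against an indicator feed that carries a severity and confidence score. The feed, the score values, the sample log lines and the risk weighting are all constructed for the example; the feed is a stand-in for whatever an enrichment service would return, not CyberTotal's actual API or response format.

```python
"""Triage ArcSight CEF proxy/firewall events against a threat-intel feed.

Added example (not CyCraft's or ArcSight's code). Assumes CEF input and
a feed that maps each indicator to (severity, confidence) on a 0-100 scale.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed indicator feed: indicator -> (severity, confidence).
# Addresses are from documentation ranges; every score is invented.
INDICATOR_FEED: Dict[str, Tuple[int, int]] = {
    "203.0.113.45": (90, 95),
    "bad-updates.example": (80, 70),
    "http://bad-updates.example/dl/a.exe": (95, 95),
    "cdn.example.net": (30, 40),
}

# Constructed sample events in CEF (header fields separated by '|',
# extension as key=value pairs). Not real ArcSight output.
SAMPLE_EVENTS: List[str] = [
    "CEF:0|Example|Proxy|1.0|100|Web request|3|src=10.0.0.7 dst=203.0.113.45 "
    "request=http://bad-updates.example/dl/a.exe requestMethod=GET",
    "CEF:0|Example|Proxy|1.0|100|Web request|3|src=10.0.0.8 dst=198.51.100.20 "
    "dhost=cdn.example.net request=https://cdn.example.net/lib.js",
    "CEF:0|Example|Firewall|2.1|200|Connection allowed|2|src=10.0.0.9 dst=192.0.2.10 dpt=443",
    "not a cef line",
]


@dataclass
class Hit:
    """One event matched to the highest-risk indicator it contains."""
    event: str
    indicator: str
    severity: int
    confidence: int

    @property
    def risk(self) -> int:
        # Invented weighting: confidence scales severity down.
        return self.severity * self.confidence // 100


# key=value pairs; a value runs until the next " key=" or end of line.
# (CEF escapes '=' and '|' inside values with a backslash; not handled here.)
_CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_cef(line: str) -> Optional[Dict[str, str]]:
    """Return header fields plus extension key/values, or None if not CEF."""
    if not line.startswith("CEF:"):
        return None
    parts = line.split("|", 7)  # CEF:ver|vendor|product|ver|sigid|name|sev|ext
    if len(parts) < 8:
        return None
    fields = {"vendor": parts[1], "product": parts[2], "name": parts[5], "sev": parts[6]}
    fields.update(_CEF_EXT_RE.findall(parts[7]))
    return fields


def artifacts(fields: Dict[str, str]) -> List[str]:
    """Candidate IoCs of an event: destination IP, host, URL and URL host."""
    found: List[str] = []
    for key in ("dst", "dhost", "request"):
        value = fields.get(key, "").strip()
        if value:
            found.append(value)
    host = urlsplit(fields.get("request", "")).hostname
    if host:
        found.append(host)
    unique: List[str] = []
    for item in found:  # de-duplicate while keeping lookup order
        if item not in unique:
            unique.append(item)
    return unique


def triage(lines: List[str], min_severity: int = 50, min_confidence: int = 60) -> List[Hit]:
    """Keep events whose best indicator clears both thresholds, highest risk first."""
    hits: List[Hit] = []
    for line in lines:
        fields = parse_cef(line)
        if not fields:
            continue
        best: Optional[Hit] = None
        for artifact in artifacts(fields):
            score = INDICATOR_FEED.get(artifact.lower())
            if score and score[0] >= min_severity and score[1] >= min_confidence:
                hit = Hit(fields["name"], artifact, score[0], score[1])
                if best is None or hit.risk > best.risk:
                    best = hit
        if best:
            hits.append(best)
    return sorted(hits, key=lambda h: h.risk, reverse=True)


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit.risk:3d} {hit.event}: {hit.indicator} (sev={hit.severity}, conf={hit.confidence})")
```

With the default thresholds only the first event is surfaced, on its full URL rather than its destination IP, because the URL carries the higher combined score; the low-confidence `cdn.example.net` match is dropped as noise unless the thresholds are lowered. That is the triage decision the page describes analysts making from severity and confidence, expressed as code.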
Other CyberTotal Features
- Helps large organizations organize and share disparately structured threat intel sources across multiple geographical locations and formats via the latest TAXII and STIX
- Supports both Snort and Yara formats
- Publishes blacklists for file hashes, domains, URLs, and IP addresses of severe malicious activity
- Provides reputation checks on your potential business partners and provides the confidence and severity of threat intel related to that entity
Integration Requirements
- ArcSight ESM 18.104.22.1686.1 or higher
- ArcSight SmartConnector 7.14 installed on a CentOS 7 Linux server
- Network access to CyberTotal (https://cybertotal.cycraft.com)
Intuitive Dashboard Design and Support
The intuitive and straightforward design of the CyberTotal dashboard and the CyCraft customer support team help reduce the steep learning curve typically associated with software integration, so SOC analysts can spend more time doing what matters most: protecting their organization.
“CyCraft’s customer support provided excellent communication, incident reports, and response times, leaving us feeling confident and at ease with our security situation.”
- One security analyst at one of the top three telecommunications companies in Taiwan
Our CyberTotal Team
Our cyber intelligence team of security professionals tracks the most sophisticated forms of intrusion techniques and provides historical and up-to-date information on APT groups.
Our team is composed of DEFCON CTF finalists and former members of the Taiwan Ministry of Defense, the Taiwan Criminal Investigation Bureau, and the premier Taiwan social hacker group, CHROOT.
- Joined MITRE ATT&CK Evaluations round two against APT29 and round three against CARBANAK and FIN7
- Member of FIRST — the premier incident response organization
- Winner of multiple Gold Cybersecurity Excellence Awards, including MDR, Forensics, Incident Response, and Artificial Intelligence as well as a Best Cybersecurity Company Gold Award
For more information on our platform, how we defeat APTs in the wild or the latest in CyCraft security news, follow us on Twitter, LinkedIn, Medium, and our website at CyCraft.com.
Join the CyCraft Community
When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions in Asia, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs in several APAC countries, including Taiwan, Singapore, Japan, Vietnam, and Thailand.
We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, and IR (incident response), and Secure From Home services.
- CyCraft’s security technology is tested technology. Read about our impressive performance and results in the latest MITRE ATT&CK cybersecurity solution evaluations.
- Has your organization recently shifted to a Work From Home environment? Learn how to receive three free months of our Secure From Home service.
- Our Enterprise Health Check drops your mean dwell time from 197 days to under 1 day without false positives or false negatives. Know with confidence whether hackers have penetrated your enterprise.
- Learn how we detected and defeated a foreign APT targeting Taiwan’s high-tech ecosystem. Read our full analysis and malware reversal.
- Gain the CyCraft Advantage and drastically reduce your investigation time with our automated forensics and actionable reports with contextual data & true attack root cause analysis.
- Does your organization operate industrial control systems (ICS)? CyCraft spoke directly with semiconductor manufacturers about updating global cybersecurity standards and the unique security challenges an ICS faces.
- Case Study: CyCraft reduced an acquisition due diligence investigation time by 99%.
- Gain insight into one of the many sophisticated threat hunting machine learning models that CyCraft’s CyCarrier platform uses to defeat APTs in the wild every day.
- Learn why industry professionals voted CyCraft for multiple GOLD Cybersecurity Excellence Awards in 2020.