For years, ArcSight has consistently appeared on multiple Top SIEM Software lists, including Gartner’s Magic Quadrant. Security professionals leveraging ArcSight are further empowered by its multiple partner integrations, which now include CyberTotal — developed by CyCraft, a leading cybersecurity firm in Asia.
CyberTotal is a cloud-based threat intelligence service that is uniquely suited to aid SIEM SOC analysts by seamlessly integrating multiple diverse CTI sources, open-source intel, our proprietary threat intelligence on international threat actors, their behavior profiles, and much more.
Employing the CyberTotal platform helps security teams quickly verify alerts and triage threats appropriately via automated correlation analysis and knowledge base optimization.
The intuitive CyberTotal Dashboard gives security teams effortless access to large numbers of artifacts, each enriched with contextual threat information. At the same time, it improves your team’s efficiency and accuracy by automatically prioritizing indicators of compromise (IoC).
Your team will be able to focus on the most critical and urgent alerts and have a head start via the contextual information provided by the platform.
Security teams spend much of the day validating and triaging alerts. CyberTotal saves human capital and increases productivity by automating the research required for validation and triage.
By aggregating multiple cyber threat intelligence sources from around the world, CyberTotal can automatically provide security teams with contextual threat intelligence on indicators, such as reputation, severity, confidence, threat score, OSINT, whois, passive DNS, component analysis, vulnerability evaluation, and more.
Using CyberTotal, SOC analysts can rapidly validate alerts by looking at the severity and confidence of the associated indicators. In addition to eliminating the time-consuming task of removing false positives, analysts can also triage alerts by examining the confidence and severity scores of indicators associated with alerts.
You can further query the CyberTotal API to validate, enrich, or gain context on suspicious indicators. During investigations, you can also use the dashboard to drill down via our graph database of threat intel and find out whether something is malicious or associated with other malicious indicators.
CyberTotal not only aggregates multiple international cyber threat intelligence sources but also enriches your threat intelligence with a host of contextual network, file, vulnerability, and actor-related data.
If your organization’s firewall or proxy logs are collected in ArcSight, CyberTotal can inspect each target IP, domain, and URL and pinpoint the high-risk artifacts. Correlation reports, such as high-risk endpoints and indicators, can be highlighted in either the dashboard (see Figure 4) or the daily/weekly statistical report (see Figure 3) to speed up the SecOps workflow.
You can even call CyberTotal’s API to get the latest blacklist data on malicious domains, URLs, IP addresses, and hashes, which you can use to hunt out threats in your organization, or plug into your EDR solution.
The intuitive and straightforward design of the CyberTotal dashboard and the CyCraft customer support team help reduce the typically steep learning curve associated with software integration, so SOC analysts can spend more time doing what matters most — protecting their organization.
“CyCraft’s customer support provided excellent communication, incident reports, and response times, leaving us feeling confident and at ease with our security situation.”
-One security analyst for one of the top three telecommunication companies in Taiwan
Our cyber intelligence team of security professionals tracks the most sophisticated forms of intrusion techniques and provides historical and up-to-date information on APT groups.
Our team is composed of DEFCON CTF finalists and former members of the Taiwan Ministry of Defense, the Taiwan Criminal Investigation Bureau, and the premier Taiwan social hacker group, CHROOT.
Writer: CyCraft
CyCraft is a cybersecurity company founded in 2017, focusing on autonomous AI technology. Headquartered in Taiwan, it has subsidiaries in Japan and Singapore. CyCraft provides professional cybersecurity services to government agencies, police and defense forces, banks, and high-tech manufacturers throughout the Asia-Pacific region. It has received strong backing from the CID Group and Pavilion Capital, a Temasek Holdings Private Limited subsidiary.