Overview

Analysts require context and insight into potential threats in a timely manner, in order to make better decisions faster, and without interrupting their workflow.

Polarity captures and recognizes on-screen information and overlays threat context directly on the user's desktop, delivering data awareness and recall without affecting existing workflows. Analysts can then investigate potential threats further by pivoting from the overlay directly to Flashpoint intelligence.

The Flashpoint & Polarity Advantage

The Polarity-Flashpoint integration enables users to search against Flashpoint Finished Intelligence and Technical Data for additional context on information such as IPs, domains, and file hashes. This capability brings timely Flashpoint intelligence and analysis to the forefront, enabling analysts to conduct further research into incidents, easily consume intelligence, and make efficient decisions.

Key Benefits

  • Access Flashpoint intelligence and analysis, no matter what tool or internal system you’re using

  • Transparently look up any domain, IP address, or URL against Flashpoint’s technical intelligence

  • Quickly attach notes to any string, recording evidence from an investigation or intelligence on a potential threat


Integrated Flashpoint Datasets

TECHNICAL DATA

Technical Indicators: Gives users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets, including those found in Flashpoint Finished Intelligence reports, allowing for seamless integration into users’ workflows and automated tools.

INTELLIGENCE REPORTS

Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.


Use Cases

VULNERABILITY PRIORITIZATION

Teams responsible for vulnerability management can examine Flashpoint’s collections to further research recently released bugs and determine the risk they pose to organizations. Polarity’s optical character recognition (OCR) helps users extract domains or indicators from documents such as PDFs and then query Flashpoint data with them. Insight into these discussions will assist in determining which patches should be applied immediately and which can be held for the next internal maintenance upgrade cycle.

INTERNAL LOG INVESTIGATION

Analysts investigating incidents found in network device logs can view data and information gathered by Flashpoint to examine whether indicators such as IP addresses are malicious. A view into Flashpoint data and intelligence brings context from illicit communities to these indicators and can inform investigations and prioritize responses.

For more information contact: [email protected]
