Resecurity Context™ - Platform as a Service

Gold Stevie Award Winner 2019

Company: Resecurity, Los Angeles, CA
Company Description: Resecurity is an American multinational cybersecurity company with headquarters in Los Angeles, California. The company provides next-generation endpoint protection and intelligence-driven cybersecurity solutions to leading Fortune 500 corporations and governments worldwide. Resecurity was named Leader in Forensics and "Best Product Digital Footprint Security" in the Cyber Defense 2018 Global Awards.
Nomination Category: New Product & Service Categories - Business Technology
Nomination Sub Category: Platform as a Service

Nomination Title: Resecurity Context™

The appearance of new threats and security challenges requires effective tools for their timely identification and in-depth analysis.

Context™ is a Cyber Threat Intelligence Platform (PaaS) enabling enterprises and governments to accelerate analysis, prevention and investigation workflows with the goal of discovering valuable insights and supporting better decision-making using AI, data science and unique threat and risk intelligence streams coming from a variety of data sources.

Too many organizations leverage advanced threat intelligence merely to detect indicators of compromise (IOCs). Resecurity wants to help them mine actionable threat intelligence to truly bolster enterprise defences. An IOC-based detection approach is a fundamentally flawed solution to the problem of stopping a sophisticated adversary; that is why the industry needs advanced threat intelligence solutions providing comprehensive visibility into the actual threat landscape globally.

The product is oriented towards intelligence analysts, investigators, SOC/DFIR teams, cyber threat intelligence teams, risk management and C-level security executives.

Development of the product started 4 years ago, based on the feedback and design requirements received from several leading Cyber Threat Intelligence Centers of Fortune 500 companies and government agencies.

The idea for the platform's name, Context™, was born from an understanding of the vital role of contextualization in cybercrime investigations and threat intelligence tasks. Without proper contextualization, an overload of raw intelligence can become a burden, leading to a lack of actionable data and incorrect resource planning, which may increase the probability of risk and negative outcomes.

Context™ helps to research the entire kill-chain by examining the source data (domain name, IP, threat actor, IOCs, malware artifacts, security incident details) and to produce enriched, high-quality intelligence reports with detailed historical contextual information, significantly speeding up the reaction time of security and threat intelligence teams.

Key Features:

- Context™ combines tactical, technical, operational and strategic threat intelligence and allows tracking of multiple subjects of interest (SOI), enabling definition of complex criteria;
- Context™ harnesses a constantly expanding cloud of indexed threat artifacts and associated adversary metadata collected from a variety of sources, not limited just to OSINT-based or 3rd-party threat feeds;
- Context™ leverages a broad arsenal of AI and ML mechanisms to narrow down search and to provide the most relevant and adequate results for threat intelligence, cybercrime investigations and forensics tasks;
- Context™ helps to optimize time-consuming and manual operations in the threat intelligence collection, processing, production, and dissemination (CPED) stages.

Data Statistics:

- 5B+ threat artifacts, including indicators of compromise (IOCs), indicators of attacks (IOAs), tools, tactics and procedures (TTPs) of adversaries with valuable metadata stored in historical form, used for deep-dive investigations.
- 300+ million fully indexed and translated Dark Web data entries with extracted artifacts, graphical screenshots and link visualization.
- 9M profiles of threat actors collected from various underground communities and criminal marketplaces, intelligence reports and the security expert community, with associated metadata for deep attribution research. Discover the latest tools, tactics and procedures (TTPs) of fraudsters and cybercriminals targeting your enterprise.
- 40 languages: a built-in offline translation solution and unique linguistic expertise to provide details on threat actors' chatter, slang/jargon used and other specific details.
- 20K+ data sources: a constantly updating repository of Dark Web sources, including private underground communities, Tor, I2P, Freenet, IRC, Jabber, IM groups (Telegram).

By leveraging robust machine learning models, Context™ also adds an analytical layer for granular inspection of security events, content and network activity. Manage multiple internet and external threat intelligence feeds in different formats (STIX&TAXII, JSON, XML, RAW) and enrich circulating threat telemetry in your SOC/SIEM/TIP for strategic decision making and proactive incident response.

A built-in case management system and digital forensics framework allow tracking of multiple subjects of interest (SOI) in real time and the centralization of collected intelligence (malware intelligence, PCAPs, IOCs, threat actor chatter) with proper tagging and context for further analysis and investigations between multiple team members and parties involved.

In bullet-list form, briefly summarize up to ten (10) of the chief features and benefits of the nominated product or service (up to 150 words):

- Context™ is a Cyber Threat Intelligence Platform enabling enterprises to accelerate analysis, prevention and investigation workflows with the goal of discovering valuable insights and supporting better decision-making.

- Context™ combines tactical, technical, operational and strategic threat intelligence and allows tracking of multiple subjects of interest (SOI), enabling definition of complex criteria. Context™ harnesses a constantly expanding cloud of indexed threat artifacts and associated adversary metadata. Context™ helps to optimize time-consuming operations in the threat intelligence collection, processing, production, and dissemination (CPED) stages.

- Context™ leverages a broad arsenal of AI/ML mechanisms to provide the most relevant and adequate results.

Video:
https://app.resecurity.com/training/video/threatintel/
https://app.resecurity.com/training/video/DRM/
https://app.resecurity.com/training/video/actors/