Bitdefender Threat Intelligence Feeds & Services represent a broad portfolio of unique, machine-readable threat intelligence (MRTI) data feeds and services. The intelligence is collected from a global threat detection network of millions of sensors and from technology partners, curated by 800+ Bitdefender Labs security experts, and can be automatically integrated into partners' tools and security solutions.
Improve detection rate by automatically receiving intelligence on the latest cyber threats.
Automatically reduce alert fatigue by correlating SIEM logs with best-in-class threat data.
Reduce breach-detection time by integrating the latest threat data into your EDR platform.
The threat intelligence is collected from various sources, such as Bitdefender's network of hundreds of millions of endpoints, deep web monitoring, web crawling systems, sandbox analyzer services, advanced heuristic and content analyzers, email spam traps, honeypots and monitored botnets, and industry partners.
The data is automatically curated to remove duplicate entries, categorize threat objects, reduce false positives and update reputation scores. Additionally, 800+ Bitdefender security researchers and engineers ensure the data is accurate and actionable. The context offered to customers includes region and industry tagging and threat information such as first/last seen, threat score and threat family.
Security professionals can integrate the threat feeds and services into any platform or infrastructure in minutes. The platform-agnostic approach is compatible with any SIEM (security information and event management) or TIP (threat intelligence platform) that can consume a REST API or the TAXII/STIX format.
Bitdefender Threat Intelligence Feeds and Services can be integrated with security solutions such as firewalls and unified threat management (UTM) systems, intrusion detection and prevention (IDP), secure web gateways (SWGs) and secure email gateways (SEGs), endpoint protection (EPP), web application firewalls (WAFs), distributed denial of service (DDoS) mitigation, security information and event management (SIEM), and security orchestration solutions.
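The two mechanics the page leans on, consuming STIX/TAXII output and correlating it with SIEM events, look like this in practice. The following is an added example written for this page, not Bitdefender code: the STIX 2.1 bundle, indicator IDs and log lines are constructed (RFC 5737 / RFC 2606 documentation addresses and names), and the actual feed endpoint and object layout are not described on the page. The indicator with a past valid_until shows the edge case a practitioner cares about: a retired IOC must drop out of the match set or it only generates false positives.

```python
# Added example: parse STIX 2.1 indicators and correlate them with SIEM log lines.
# Not Bitdefender code; all data below is constructed.
import json
import re
from datetime import datetime, timezone


def _indicator(n, name, pattern, valid_from="2024-01-01T00:00:00Z", valid_until=None):
    """Build a minimal STIX 2.1 Indicator SDO (constructed test data)."""
    obj = {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--0f6c8c2e-6d2b-4c38-9c1a-{n:012d}",
        "created": valid_from, "modified": valid_from, "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix", "pattern": pattern, "valid_from": valid_from,
    }
    if valid_until:
        obj["valid_until"] = valid_until
    return obj


# Constructed bundle standing in for one page of TAXII collection output.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0f6c8c2e-6d2b-4c38-9c1a-000000000000",
    "objects": [
        _indicator(1, "C2 address (constructed)", "[ipv4-addr:value = '192.0.2.10']"),
        _indicator(2, "phishing domains (constructed)",
                   "[domain-name:value = 'bad.example.net' OR domain-name:value = 'drop.example.org']"),
        # SHA-256 of the empty file, used only as a placeholder digest.
        _indicator(3, "malware sample (constructed)",
                   "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"),
        # Retired indicator: its valid_until is in the past, so it must not match.
        _indicator(4, "old scanner (constructed)", "[ipv4-addr:value = '198.51.100.7']",
                   valid_from="2023-01-01T00:00:00Z", valid_until="2023-12-31T00:00:00Z"),
    ],
})

# One "object_path = 'value'" comparison inside a STIX pattern. Deliberately
# equality only: '!=', MATCHES, ISSUBSET and NOT clauses are skipped.
COMPARISON = re.compile(r"(?P<path>[a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'(?P<value>(?:[^'\\]|\\.)*)'")
_PATH_TYPES = {"ipv4-addr:value": "ipv4", "domain-name:value": "domain"}


def _ioc_type(path):
    if path.startswith("file:hashes."):  # file:hashes.MD5, file:hashes.'SHA-256', ...
        return "hash"
    return _PATH_TYPES.get(path)  # url:value, ipv6-addr etc. are out of scope here


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def extract_iocs(bundle_json, now=None):
    """Return {ioc_type: {value: indicator_id}} for indicators valid at `now`."""
    now = now or datetime.now(timezone.utc)
    iocs = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue  # sigma/snort/yara patterns need their own engines
        if _ts(obj["valid_from"]) > now:
            continue
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue  # stale IOC
        for m in COMPARISON.finditer(obj["pattern"]):
            kind = _ioc_type(m.group("path"))
            if kind is None:
                continue
            value = m.group("value")
            if kind != "ipv4":
                value = value.lower()  # domains and hex digests are case-insensitive
            iocs.setdefault(kind, {})[value] = obj["id"]
    return iocs


# Loose tokenizers pull IOC-shaped tokens out of free-text events; the lookup
# against the feed is exact, so a stray "x.bin" token costs nothing.
TOKENIZERS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "hash": re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I),
}


def match_logs(iocs, log_lines):
    """Correlate each log line with the feed; returns one dict per hit."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for kind, rx in TOKENIZERS.items():
            for tok in rx.findall(line):
                key = tok if kind == "ipv4" else tok.lower()
                indicator = iocs.get(kind, {}).get(key)
                if indicator:
                    hits.append({"line": lineno, "type": kind, "value": key, "indicator": indicator})
    return hits


NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed clock so the demo is reproducible
SAMPLE_LOGS = [  # constructed, SIEM-normalised events
    "2024-03-01T10:00:01Z fw01 conn src=10.0.0.5 dst=192.0.2.10 dport=443 action=allow",
    "2024-03-01T10:00:02Z dns01 query host=client7 qname=bad.example.net qtype=A",
    "2024-03-01T10:00:03Z edr01 file host=client7 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-03-01T10:00:04Z fw01 conn src=10.0.0.6 dst=198.51.100.7 dport=80 action=allow",
    "2024-03-01T10:00:05Z proxy01 http host=client9 url=http://drop.example.org/x.bin",
]


def demo_hits():
    return match_logs(extract_iocs(STIX_BUNDLE, now=NOW), SAMPLE_LOGS)


if __name__ == "__main__":
    for h in demo_hits():
        print(f"line {h['line']}: {h['type']} {h['value']} -> {h['indicator']}")
```

Lines 1, 2, 3 and 5 produce hits; line 4 does not, because the indicator for 198.51.100.7 expired before the fixed clock. In a real deployment the bundle would come from a TAXII collection poll rather than an inline string, and the pattern extractor here only handles simple equality comparisons; compound patterns with temporal qualifiers or CIDR subset tests need a full STIX pattern evaluator.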
Collection of IPs associated with highly targeted cyber-attacks (Advanced Persistent Threats).
Collection of file hashes associated with Advanced Persistent Threats.
Collection of domains hosting Advanced Persistent Threats.
Feed containing IPs associated with command-and-control servers.
Collection of domain addresses associated with phishing attacks.
Feed of domain addresses associated with malicious threats.
Collection of domains known to spread malware, phishing and other threats.
Feed of URLs known to spread malware, phishing and other threats.
Feed of file hashes associated with detections of CVE exploitation.
Collection of files known to be part of threats or attacks.
Collection of IPs known to be involved in some form of threat, such as botnet C&C hosting or DDoS attacks.
Known to be used in malicious activities.