We offer assessments and advisory services to clients from all industries.View All
We strive to develop a true relationship with each customer.Learn More
Our managed detection and response (MDR) service built on a platform that helps quickly identify and eliminate security threats.Learn More
Detect vulnerabilities before they become threats.Learn More
Align your IT efforts with the goals of your business.Learn More
Detect and Defeat security threats in record time with our expert team.Learn More
Recruit our team to advise on information security planning.Learn more
Comprehensive security assessments and advisory of your cloud deployments.Learn more
Comprehensive initial assessments and ongoing monitoring of your third party business partners.Learn more
Our team delivers exceptional service through honesty and accountability.Learn More
Our services meet requirements for many common regulations and standards.Learn More
Behavior-based detection with over 250 unique process behaviors to keep your business safe.Learn More
An intelligence feed to tag and funnel internet traffic into manageable patterns.Learn More
We integrate with over 100 of the most common and powerful tools to ensure threats are identified and eliminated.Learn More
The foundation for our services: a team dedicated to Research, Intelligence, and Offensive Tactics.Learn More
An intelligence feed to categorize internet traffic.
Shield against unnecessary noise to focus on what matters most and provide analyst-friendly context.
What is Shield?
Contextualized categorization platform for the entire IPv4 space that does not rely on individual IP addresses. It’s a larger-scale view focusing on categorizing sources and destinations at organizational or ASN levels in an easy to digest format, such as an “ISP” or “cloud provider”.
What are the benefits of this approach over traditional threat intel?
Unlike IOCs, Shield does not rely on the “known-bad” approach, meaning it can identify suspicious patterns even if the source is known to be a bad one yet. It helps filter internet traffic into manageable patterns during investigations, for example excluding all domestic ISPs while investigating suspicious logons. It helps provide context of sources and destinations, such as “content delivery network” or “educational institution” to help improve alerting and enrich data for analyst investigations.
Intelligent traffic categorization:
Predictive approach based on larger scale categorization without reliance on “known bad” data
Data can be tailored to each organization to improve results, such as the difference between a domestic or international organization
Fairly static, IPv4 space categorization, even if routing details change, the categorizations mostly follow the original classifications (a perfect example is bulletproof hosting range changing geolocation or ASN)
Domestic threat detection to catch US-based VPNs, hosting, etc. leveraged by adversaries
Excellent for Threat Ops for larger-scale monitoring efforts with a variety of clients
Custom analytics based on context combined with other data sources and available details
Filter authentication sources with human context of what those sources are (e.g., ISP, business, etc.)
Gain insight into logins from domestic infrastructure sources that are not typically leveraged by an employee (e.g., hosting, cloud provider, VPN, etc.)
Catch adversaries based on routing anomalies or unusual use of cloud infrastructure