Cytomic, the business unit of Panda Security specialized in large accounts and threat detection and response service providers, announces its capacity to natively integrate with the MISP platform.

The integration of the platforms allows you to enrich the MISP platform with Cytomic’s proprietary threat intelligence, as well as to search the assets protected by the Cytomic platform for indicators of compromise related to security incidents received in MISP.

The integration of Cytomic in the MISP platform also allows you to extend the information available in MISP with the Cytomic platform’s Cyber Threat Intelligence.

If the object that has been queried on the Cytomic platform is seen on the organization’s protected assets, this information is included in the extended information.

Illustration 1. Enrichment in MISP with Cyber Threat Intelligence from the Cytomic platform

Likewise, the integration into MISP’s taxonomy allows the organization’s advanced security team, or its service provider, to search for MISP event attributes from other cyber intelligence sources as indicators of compromise in the activity of the assets protected by Cytomic solutions.

The search for these attributes (files, IPs, domains, URLs) can be configured in real time and/or retrospectively, up to 365 days, which is the standard retention of telemetry in the Cytomic platform.

Illustration 2. Cytomic taxonomy defined in MISP

Benefits for Cytomic and MISP clients

  • Automating the enrichment of information in MISP with Cytomic Cyberthreat Intelligence.
  • Immediate information about assets where certain attributes have been seen, which can include malicious applications identified from other sources’ information. This speeds up the incident response process, before an incident can lead to a cybersecurity breach.
  • Automation of searches for indicators of compromise from events/incidents from other MISP sources. These indicators are searched for in real time and/or retrospectively in the activity collected, up to 365 days, from the organization’s assets.

About the Cytomic platform

The Cytomic Platform provides an advanced endpoint security solution, EDR, patch management, full encryption, and a cloud-native detection, hunting, containment and response solution for cyberthreats, all centralized from the cloud and deployed from a single, lightweight agent. Cytomic protects clients against advanced cyberattacks using artificial intelligence and deep learning, as well as IoAs to stop known and unknown threats in real time.