Garda TI (Threat Intelligence)

Garda TI is a service for enriching data on cyber threats. Its users receive regularly updated information about signs and indicators of malicious activity based on data from open and own sources of the analytical center of the Garda group of companies.

The product is registered in the Register of Russian software, which confirms compliance with the requirements of Russian legislation, provides the opportunity for unhindered use in organizations related to CII and government bodies.

2024

"Garda TI 2.2" with brute force and mining indicators

The updated version of Garda Threat Intelligence will strengthen preventive measures to counter cyber threats, increase the speed of response to them, help customers detect hidden attacks and strengthen control over operating costs. The company announced this on October 9, 2024.

Garda TI 2.2 will help customers predict and prevent potential attacks - the feed base has been replenished with new indicators: brute force and mining. The former contain data on known malicious IP addresses associated with brute-force attacks, help identify attempts to unauthorized access to systems through brute-force passwords to quickly block unreliable sources. The latter make it easier to detect hidden attacks when attackers use the computing power of an enterprise.

Updates in terms of compromise indicators had a positive effect on reducing the number of false positives of information protection systems. The lifetime of the indicator is now measured in days, so the fed base always remains relevant.

The lifetime of the indicator depends, for example, on what category the indicator belongs to (botnet, phising, spam, etc.), as well as on its type (hash, domen, url, etc.), - explained Alexey Semenychev, head of the information security threat analytics department of the Garda group of companies. - If during the life of the indicator, malicious activity is recorded on it, then its period is extended from the moment of detection of this activity.

The speed of response to threats when using "Garda TI 2.2" is reduced by timely receipt of data about them, all data is now collected in advanced reports

The developers have improved, among other things, the interface - indicators are indicated in different colors depending on the level of criticality, which facilitates perception and helps to navigate the variety of threats.

Integration with Security Vision TIP

The Garda Group of Companies and Security Vision on October 2, 2024 announced the integration of the Security Vision TIP platform and the Garda Threat Intelligence cyber threat data service. The combined service will provide customers with access to specialized threat data streams and the ability to quickly integrate feeds into security management systems.

Self-enriching the entire arsenal of information protection tools with cyber threat data takes time and resources. TI platforms allow you to automate the process by accumulating data from several services from different vendors, providing customers with information in a single interface.

The Garda Threat Intelligence service transmits data on new cyber attacks to customers and helps create multi-level protection, which reduces the burden on employees of information security monitoring centers, "said Ilya Seleznev, head of the Garda TI product. - Every day, the competence center of the Garda group of companies processes about 100,000 and records up to 60,000 new compromise indicators (IoC), most of which are unique. Integration with Security Vision TIP will expand the volume of threat data for service customers, which means it will increase the effectiveness of preventing cyber attacks.

Integration with the Garda TI service expands the choice of data providers that customers can work with, offering access to unique specialized feeds, - said Roman Ovchinnikov, Director of the Security Vision Implementation Department. "So, customers can choose the most appropriate solutions for their business tasks, creating a secure information environment."

Garda Threat Intelligence 2.1 with current GeoIP base

The Garda group of companies has updated the service for enriching data on cyber threats. "Garda Threat Intelligence 2.1" allows customers to determine whether an IP address belongs to a specific city, region or country, helps detect threats and quickly decide to block a potential malware.

The updated version of the data enrichment service on cyber threats "Garda Threat Intelligence" (Garda TI) is supplemented by the current GeoIP database, which is updated monthly by the manufacturer. The technology is used in cases where it is necessary to form rules based on the geographical affiliation of IP addresses: when configuring security gateways and firewalls, to protect web services. The interface of the updated version of the service allows you to upload IP addresses in the.csv and.mmdb formats.

Garda TI updates allow customers to take part in the development of the service, informing the manufacturer about the threats that are relevant to them. Information about the threat detected by the client comes to the analytical center of the group of companies and after verification falls into the general database of feeds.

The joint involvement of customers and vendors in threat detection and analysis enables faster detection of patterns and characteristics of attacks and facilitates faster and more accurate response to threats. The customer receives a more effective tool, the product is developing. Enriching the service with new data strengthens it and allows other customers of the group of companies to increase the efficiency of information security systems, "said Ilya Seleznev, head of the Garda Threat Intelligence product.

These rules are regularly updated and take into account the relevance of the feeds. In addition, the experts of our analytical center are ready to help in creating individual rules for integration into the means of protecting customer information, "added Ilya Seleznev.

The peculiarity of the Garda TI feeds is that they take into account the peculiarities of attacks on Russian resources. Other sources, which include a wider context, are also used, but the emphasis on the formation of the Fed base is made on domestic specifics, "Ilya Seleznev emphasized.

A new type of indicator has been added to the version of the Garda Threat Intelligence 2.1 service - the hash values ​ ​ of the md5 and sha256 functions.

Ready-made signatures make it possible to detect non-obvious malicious activity.

2023: Adding data on hacker groups, methods and tactics of attacks

Garda has updated the cyber threat data service - Garda TI (Threat Intelligence). The service is enriched with data on hacker groups, methods and tactics of attacks, new types of indicators of malicious activity and connections between them, increased interface convenience. The developer announced this on November 30, 2023.

In this version of Garda TI, analytics on hacker groups, attack methods and tactics provide customers with more complete information about compromise indicators to improve the effectiveness of countering threats. The links between the indicators have also been updated, so that the user can reduce the response time to malicious activity and independently analyze threats.

Among other things, the following types of indicators are available in the database: JA3/JA3S prints. The use of such fingerprints allows you to more accurately analyze the patterns of behavior of attackers and identify unusual or malicious activities on the network. This helps in detecting cyber attacks, insider activities, malicious software, detecting threats in encrypted traffic and previously unknown 0-day threats.

The manufacturer has updated the Garda TI web interface: the query string has been improved, a graphical filter designer is available. You can check specific indicators (/ IPURL addresses) online.

Garda TI is easy to use. To upload data, you do not need superimposed means - everything can be done through the command line, - says Ilya Seleznev, product manager of Garda Technologies (part of the Garda group of companies). - The service is available by subscription for a period of a month or several and for a year. Taking into account registration in the Register of Russian software, the purchase of Garda TI is not subject to VAT.