Sixgill Joins the Cortex XSOAR Marketplace as a Featured Launch Partner

Aug 13, 2020

Sixgill is proud to be included in the exclusive list of launch partners for the new Cortex™ XSOAR Marketplace with the integration of Darkfeed™, a unique and comprehensive stream of malicious IOCs. Sixgill, a source of truth for underground threat intelligence, uses automation to empower security teams to collect, analyze, research, and respond to intel as seamlessly as possible, helping to maximize operational readiness and response. The Darkfeed content pack on the Cortex XSOAR Marketplace is designed to accelerate customers’ incident prevention and response by combining Sixgill’s threat intelligence with the automation capabilities of Cortex XSOAR.

Sixgill’s agile threat intelligence methodology calls for an integrated ecosystem - which is exactly what the Cortex XSOAR Marketplace provides. The ability to proactively block items that threaten your organization can be greatly enhanced by real-time, integrated data, processes, and workflows from a single platform. One of the biggest hurdles security teams must overcome is siloed processes. Sixgill’s focus has been on breaking organizational silos, bringing different departments together - especially in the banking/insurance/financial services industry. 

The following real-life example illustrates this point: according to Sixgill data, every minute there are 83 credit cards offered for sale in the deep and dark web. That’s a little over 3.5 million stolen/leaked credit cards each month. By harnessing Sixgill’s vast data lake, Cortex XSOAR customers gain access to a broad real-time collection of underground sources, enabling security teams to automate advanced warnings and trigger the right playbooks - uniting security and fraud teams with shared intelligence to better protect their organization.

Sixgill Darkfeed Content Pack

Sixgill Darkfeed™ is a stream of malicious indicators of compromise, including domains, URLs, hashes, and IP addresses. It relies on Sixgill’s vast collection of deep and dark web sources, and it provides unique and advanced warnings about new cyberthreats. Darkfeed is automated, meaning that IOCs are extracted and delivered in real-time, and it is actionable, meaning that its consumers will be able to receive and block items that threaten their organizations.

Darkfeed and pre-built playbooks can help automate your key SOC use cases such as threat hunting and malware protection. The Darkfeed content pack includes the stream of indicators, a customized dashboard and three playbooks that:

  1. Automatically download malware from new Darkfeed IOCs and run them through the "Darkfeed IOC detonation and proactive blocking" playbook.
  2. Download malicious files from Darkfeed IOCs, detonate them in automated sandboxes, and extract and block any additional indicators and files.
  3. Automatically discover and enrich indicators with the same actor and source as the triggering IOC. Search for and isolate any compromised endpoints and proactively block IOCs from entering your network. 

Use Case

A multinational financial services corporation was facing several challenges relating to cyber and fraud. They relied on manual intelligence that was either dated, irrelevant or inaccurate (loaded with false positives), which created gaps and bottlenecks. Their analysts were collapsing under the volume of repetitive manual work required to produce quality intelligence.

Integrating Cortex XSOAR with Sixgill Darkfeed for automation of data enrichment and threat intelligence management can accelerate time-to-intel, improve intelligence relevancy, and optimize strategy.

With Sixgill Darkfeed, this customer's security and fraud teams could finally: 

  1. Accurately prioritize responses and suggest remediation steps across various units in the organization.
  2. Accelerate discovery and remediation of zero-day exploits and threats.
  3. Refocus their security teams on high-value tasks to better protect their organization from the most critical threats.

Using the extensibility of Cortex XSOAR, the client’s security teams were able to expand the array of use-cases and drive additional value. Improving analysts’ performance, reducing operational costs and increasing ROI of the entire cyber-stack are all potential by-products of an integrated system.

We believe that the Cortex XSOAR Marketplace is well designed to maximize value for Cortex XSOAR users. We’re excited to take part in such an initiative and tackle future challenges together head on. 

To learn more about Sixgill Darkfeed for Cortex XSOAR, click here. Visit the Cortex XSOAR Marketplace to try out Darkfeed today. 
