Arctic Hub is a cyber defense solution that automates the finding and processing of threat observations. Using the Arctic Hub, you can provide stakeholders with tailored and up-to-date threat information. The highly automated process is easy on your resources and simple to implement. All that’s left for your customers to do is to react to the information.
Customer-specific integrations and dynamic assets
We want to help our Arctic Hub users use new data sources that can provide information on a per-customer basis. The Hub 3.0 release includes customer-specific integrations, which can be enabled for all customers or only for a selected set. This capability enables a whole category of new data sources to be used together with Arctic Hub.
Among these integrations is the dynamic domain name resolver, which resolves the IP addresses for domains listed in the customers' asset configurations. The resolver then adds the resolved addresses to the customer’s network asset configuration so that they can be matched against collected security information.
Attack surface mapping is an essential aspect of today's cybersecurity environment. We want to help Arctic Hub users better serve their customers by automatically discovering assets they should include in security monitoring.
The Hub 3.0 release contains a new customer-specific integration that automatically enumerates domains under a specified domain in a customer asset configuration. This feature requires a commercial subscription from SecurityTrails, which is a source of data for currently existing domains.
This enumeration capability works well when combined with the new dynamic domain name resolver integration to discover assets for a customer dynamically. With this integration enabled, you only need to list your domains. Subdomains for those domains will be enumerated automatically.
AWS Asset extraction and monitoring
Many organizations have large asset footprints in the AWS EC2 cloud, which can be tough to track and monitor. New instances get spun up but may not show up in security monitoring.
As another example of a customer-specific integration, Arctic Hub can now be configured to automatically fetch all current assets from the organization's AWS management and add them to security monitoring. The integration eliminates the manual labor of synchronization between multiple asset databases and ensures that the organization's cloud assets are monitored based on up-to-date information.
Hub to Hub configuration and data synchronization
Arctic Hub is often used in a context where there is a top-level Hub, and other Hubs are connected to it to receive data. The Hub 3.0 release adds a new feature to synchronize selected customers from one Hub to another and receive data matched to those customers back.
This new capability enables our customers to delegate asset management for a set of stakeholders to a Hub operated by another organization. As a practical example, this works well in a context where a sectoral CSIRT takes care of asset management for its customer base but wishes to receive data from an upstream Hub at a national level. With asset synchronization, you can automate this process.
Asset management improvements
Several features have been added to ease the management of assets in more complex environments. An earlier release added the ability to group and name IPs and domains. Newly introduced asset labels indicate which asset in the configuration correlated the observation to the customer, so the customer knows why they were alerted. This is particularly useful with the dynamic asset monitoring capabilities introduced in this release.
The Hub and Node 3.0 release supports viewing aggregated data in the List and Categorilla views in the dashboard. The ability to use the aggregate backend as the data source allows users to create List and Categorilla views that contain large data volumes and span a long time range. This enables new use cases for using the dashboard to monitor different situations.