Threat data processing

Every day, EWS automatically collects and processes over 5 million observations of cyber incidents and threats worldwide using over 100 external sources. This information can be hard to find and expensive to access. Responding to threats promptly requires fully automated large-scale data collection, processing, and targeted incident notification.

Why use this many sources?

Our service brings together data from multiple third-party data providers. Each of them provides information on specific cybersecurity issues, and data collecting methods vary between data providers. The overlap between data sources is generally very low. Different collection methods and geographical locations result in unique data sets, so relying on just one data provider cannot offer sufficient coverage. In addition, when a substantial amount of data of the same threat is reported from numerous sources, it strengthens the signal about the specific security issue.

Why should I be worried about compromised hosts?

Compromised computers are often exploited for data and identity theft and provide ways for ransomware to enter your network. Missing just one compromised host can leave open a backdoor that will allow cyber criminals to maintain a foothold within your organization.

Compromised hosts make your systems fragile to data breaches. According to a study from Ponemon, the average cost of a data breach in 2020 was $3.86 million. The most common causes were malicious attacks (52%) followed by human error (23%) and system glitches (25%).

Time is your biggest enemy when it comes to compromised hosts and vulnerable systems. It is only a matter of time before someone exploits them. The key is to spot the problems early enough and to fix them.

Why should I be worried about vulnerable and open services?

Vulnerable and open services reported by EWS may indicate a publicly accessible weak point in your network. For instance, these systems may be misconfigured, outdated, or otherwise vulnerable. Cyber criminals exploit vulnerable computers for data theft, ransomware attacks and use them as stepping-stones to even further attacks. Breach prevention systems do not usually catch vulnerable services, and the communications with those services from the outside may appear as perfectly normal network traffic.

What information is relevant to me from an EWS point of view?

Cybersecurity information collected by EWS contains compromised hosts and vulnerable and open services that can adversely affect your organization’s security. This information is already out there, available to cyber criminals. But it can also be available to you—we match all threat observations to the information we know about your organization. Whenever a match is found, we notify you specifically on findings related to your networks.

Benefits of EWS

EWS automatically finds unattended known security problems that put your organization in danger.

  • It provides periodic notifications about your issues to help you to catch incidents that have passed through other security measures. EWS gives visibility over issues that could be leveraged to attempt a breach
  • It helps you quickly recognize and prioritize risks and reduce the time-to-discovery through ready-to-use information
  • It’s easy to set up and maintain: you tell your assets and start receiving information without any complicated configurations or installation processes
  • It’s centralized: it covers your entire network infrastructure and services, including those running in the cloud
  • It adds an additional layer of protection that complements existing cybersecurity investments
  • It’s incredibly affordable