I’m very excited to use the first post to discuss EnvoyProject, a threat intelligence collaboration service.
Why care about threat intelligence and cyber security? Recent breaches like Equifax, which exposed the data of 143 million Americans, and other similar attacks have reminded people that hackers will use any method to gain access to company and personal data. With the complexity of today’s systems and the prevalence of cloud infrastructure, their chance of succeeding constantly increases.
We need to be one step ahead of them. This is how EnvoyProject started.
The problem that EnvoyProject tries to solve is that threat intelligence is most often a gated community: large vendors sharing data with large companies. This has to change. Threat intelligence is a vital component in the fight against external threat actors, and EnvoyProject makes it available to developers.
This is where EnvoyProject comes in.
EnvoyProject is a threat intelligence pipeline. It aggregates data from open source and private data source repositories, consumes the data using statistical methods, and makes it available to developers. Due to the sensitivity of the data, it is offered both as an on-premise Docker container and as a cloud platform.
The data collected by Envoy can be used in multiple ways. For example, it can be consumed to block requests coming from malicious IPs or to block specific countries. If you are a developer, you can filter out requests from malicious IPs in your application. Or, if you work at an organization that has implemented a SOC (Security Operations Center), you can forward the events to your SIEM (for example ArcSight, Splunk or Elasticsearch) for further correlation.