CDSA

NSS Labs has launched CAWS 2.2, a Cyber Threat Protection Platform and Cyber Threat Impact (CTI) Product to deliver comprehensive threat visibility, contextual threat analysis and security workflow automation. CAWS CTI is powered by NSS Labs’ BaitNET threat harness with over 40% unique threats and live exploits discovered in the wild, to deliver real-time, 24×7 threat discovery and analysis, with one-of-a-kind capture, harvest and replay technology.

With global visibility into active threats and vulnerabilities, CAWS empowers the Security Operations Center (SOC) to continuously monitor and respond to threats, strengthen the Enterprise’s cybersecurity posture, and have confidence that the security team is appropriately securing the organization.

For Enterprises today, ransomware has become one of the leading cyber threats to their business data. As seen in NSS Labs’ threat harness, 31.92% of all unique URLs hosting an exploit led to ransomware in 2016 which shows a huge explosion in ransomware attacks as threats continue to multiply. Cerber, TeslaCrypt and CryptoWall ransomware were some of the major threats identified in the harness. With CAWS CTI, Enterprises now have the ability to gain attack visibility, and be able to classify ransomware as a part of threat discovery and analysis to drive prioritized action and mitigation. 

CAWS CTI addresses the critical gaps in enterprise cybersecurity efforts by arming security teams with high-value, targeted intelligence that can quickly and easily be incorporated into existing security systems and automated mitigation and response workflows. This is enabled with the following capabilities:

CONTEXTUAL THREAT ANALYSIS

• Pinpoint and surface high-relevance events for immediate evaluation
• Prioritize actions by separating the signal from noise
• Gain valuable reaction time by reducing false positives

CONTINUOUS SECURITY VALIDATION

• Know which threats are capable of bypassing your defenses
• Make immediate configuration changes and updates
• Conduct vendor-agnostic change modeling and comparisons

SECURITY WORKFLOW AUTOMATION

• Automatically parse relevant threat indicators
• Immediately disseminate actionable intelligence
• Use API to feed SIEM and endpoint security solutions

In the month of December, 3,013,341 URLs were crawled in CAWS, and of those URLs 1,022 served exploits.  In addition, 16 applications were affected and 661 exploits bypassed vendors’ security devices.

“Security operations teams that need to determine which active threats put their organizations at risk are often overwhelmed with noisy threat intelligence solutions resulting in a high rate of false positives, as these solutions continue to lack full cyber kill chain analysis and threat context,” said Gautam M. Aggarwal Chief Marketing Officer & Head of Products at NSS Labs.  “Attacks are becoming more complex with new exploit variants and ransomware threats. Organizations are already at defcon levels of breach alerts and need a proactive offering that can provide a complete life cycle of global threat discovery, analysis and automation.  The CAWS platform and the CTI Product empower them to effectively prioritize and automate threat intelligence,” adds Aggarwal.