Threat Intelligence

CALM Overlay

CALM Threat Cloud (CTC) is a Threat Intelligence platform which works as an overlay technology to the CALM SIEM platform. The threat intelligence contained within CTC is ingested into CALM, which in turn enables CALM to perform near real-time correlation of customer-generated events with known threats and associated Indicators of Compromise (IoCs).

CTC is part of a global threat intelligence sharing community comprising over 400 organisations worldwide. CTC currently tracks in excess of 9000 security events, such as malware, known hacker groups and phishing actors, which in turn have more than 2.5 million IoCs attributed to them.

The CTC database is continually updated with new threats as they are detected and corresponding intelligence is published into the shared community. Newly published threat data is ingested into CTC, de-duplicated in the event that multiple participating organisations report the same event or IoC, and then made available to CALM for correlation with customer events and for detection purposes. This whole process takes approximately 60 seconds from the point that new threat data is received into CTC.

CTC also contains published third-party information, such as vulnerability reports from security vendors and other relevant organisations, which in turn helps customers quickly and efficiently understand the nature of a particular threat and assess the potential risk/exposure to their business.

CTC Sources
CALM delivers simple and scalable security intelligence, helping you to understand your most valuable information.