C3TI portal

Portal C3TI (Cyber Threat Intelligence)

Effective monitoring of security threats

C3TI (Cyber Threat Intelligence) – Multi-channel access to information about threats in Polish cyberspace. C3TI is a system devised to collect, process and transmit information about cybersecurity events. The solution is available in a convenient web form. It allows security teams (SOC/CSIRT) and administrators to monitor and respond to threats related to the organisation’s cyber security, i.e. potential attacks on infrastructure and network, on an ongoing basis. The tool enables flexible use of selected modules depending on the client’s needs.

The C3TI portal provides clients with various types of information, including:

  • spam campaigns and malware campaigns,
  • phishing campaigns, including early warning about registration of new domains which are similar to client domains, intended for “typosquatting”,
  • threats/incidents online and in underground sources, e.g. chats about possible unlawful use of the client’s services,
  • publicly available client and employee authorisation data,
  • expired certificates,
  • leaks of databases, including those of third parties, containing employee data.
Ongoing monitoring of security threats to your organisation

Stay safe with the C3TI portal. Act flexibly, react quickly to detected threats and prevent them. Choose the quality, reliability and effectiveness of ComCERT solutions. See what distinguishes our system:

  • Proprietary scripts for monitoring the Internet, including sources to which the average user has no access, supplying the portal with information.
  • Qualified team of experts with many years of experience in the field of cyber security.
  • Modular structure of the portal: Infrastructure Vulnerabilities, Incidents, Threat Radar, IoC Feeds.
  • Intuitive UI (User Interface) and convenient acquisition of information about cyber threats.
  • Transparent access to information in the web portal and via e-mail and API notifications.
  • Multiple formats of data export to external clients, including CSV.
  • Convenient access to summaries of the company’s security situation in the form of a dashboard.
  • Easy review and update of ICT assets provided by the client for monitoring.
  • Full control over the scope of data publication, including: no duplicates, contextual publication history.
  • One source of information ensuring the right frequency and amount of data provided.
  • Quick generation of reports based on provided information, in flexible configuration.
  • Integration with other cybersecurity solutions via API.

Effectiveness
Ability to block threats before they
reach infrastructure users.

Reliability
Reliability of information scrutinised
by specialists.

Speed
Fast response time to current incidents
and general threats.

Knowledge
Up-to-date information on current threats
and attack vectors.

24/7 Access
24/7 Internet monitoring based
on proprietary software.

Savings
Reduced workload to oversee
security.

Search

Allows users to search for indicators that are already presentin the system, e.g. for additional analyses.

Groups

Possibility to create IoC groups on one-to-many basis (group <-> many IoCs). Different types of indicators can be included in a group, including a mix of domains.

Views

Access to predefined views that present information of a given type. System users can create their own views, with the option of saving combinations of filters.

C3TI – a solution created with the security of your company in mind

FUNCTIONAL MODULES

IT Visibility

The module provides information about vulnerabilities in the client’s publicly available IT infrastructure, such as open ports, services running under the control of outdated software, service configuration errors that expose them to attack. Information is collected automatically by ComCERT scripts and is not subject to operator verification.

Incidents

Module providing information on security incidents directly affecting the client’s organisation as detected by ComCERT monitoring, e.g. alerts about a malicious phishing campaign using the client’s image.

Threat Radar 

Module showing warnings about serious threats, presenting press releases (and not only) about global threats with additional description. The alert may also contain links to external sources, e.g. recommended methods of protection against global attacks.

IoC Feeds

Module used to present structured IoC lists. These are publications on observed attacks on companies and Internet users, e.g. phishing or malware campaigns. They are presented in the form of categories and marked with tags.

CORE MODULES 

User accounts and authorisation

Module used to manage user accounts and access authentications to the Portal. Supports creation of accounts: client and ComCERT and assignment of different roles to users, e.g. regular user, administrator.

Reports and statistics

Module designed to generate periodic reports with information provided to the client via the Portal. It allows users to manage reports and generate them on demand or at specific intervals.

API access

This module provides access to data in the portal via API. It allows clients downloads of alerts, IoC sets, automation. On the ComCERT side, it enables automatic script-based feeding of data to the portal.

ADDITIONAL FUNCTIONALITIES

What else distinguishes our system?

The C3TI portal was designed by practitioners to meet the current and future security needs of your organisation. Get to know its features:

  • Repository of cybersecurity threats, for storing and entering data on threats and publishing them in the form and scope agreed with the client.
  • Dedicated UI/UX focused on maximising client needs: multiple-angle viewing and searching for information and reports.
  • Configurable channels of alternative access to information on threats: using the API, data export to a standardised format, reports in e-mail/files, frequency of sending information.
  • Configurable scope of information about threats and their format, including: report template, file format.
  • The client profile configuration process is shared with the client, including: basic data, monitored keywords, addresses, domains.
  • API for automating the collection of threat data provided by external systems.

Are you looking for a trusted provider of cybersecurity solutions?

Benefit from support offered by a proven supplier. Rely on top ComCERT experts who are perfectly familiar with the latest security trends and the needs of enterprises. Our approach to doing business:

  1. Analysis of client needs.
  2. Presentation of security solutions.
  3. Selection of modules/services from the C3TI portal by clients.
  4. Contract execution.
  5. Support by a dedicated ComCERT expert.

Are you looking to improve cybersecurity in your organisation?

Tell us about your needs and we will propose the best solution. Contact us.