Don’t be alone in cyber
Get cyber threat information from the ones who know to the ones who need to know. Connect threat intelligence sharing organizations and enterprises with Arctic Hub and Arctic Node products.
Arctic Security has built its products based on years of experience operating in nation-wide and nation-to-nation information sharing. Our headquarter is in Oulu, Finland and regional offices are in Helsinki and Singapore. We focus on actionable threat intelligence and seek to automate the collection, harmonization, processing and distribution of that information.
Our mission is to create defense cell based threat intelligence networks to enable fast and automated information sharing with the parties. We want to get both cyber security centers and other cyber officials connected with companies and help them share the critical threat information between each other.
In the heart of a defense cell there is a hub that receives and shares the essential threat information. A hub can typically be a national computer emergency response team or a cyber security center. Or, in big organizations and companies a headquarters or other central unit can act as a hub and deliver the information to the other units.
The role of the nodes in the defense cell is to collect the critical cyber threat information from their hub and act accordingly. For example, companies that are providing critical infrastructure can protect against the cyber threats reported to them by a national cyber security center.
Arctic Hub automates your cyber threat intelligence cycle
Arctic Hub enables threat intelligence sharing organizations to automate their cyber threat intelligence cycle where raw threat data is turned into actionable threat intelligence. This ensures you get the threat information collected, harmonized and disseminated in a timely and effective manner.
Arctic Hub can be installed on your premises or on a dedicated cloud server, depending on your preference. When enabled, it collects and processes threat data from different information sources which can be commercial, open source or private. Arctic Hub allows you to share the collected intelligence with your stakeholders through fine-grained controls. Information will be stored in the system for later access either as detailed observations or over-time statistics. Our customers always have full control over their data including its storage and processing without any dependency on Arctic Security.
Automated intelligence sharing
- Threat data is automatically mapped to your customers based on their internet presence
- Choose which kind of threat intelligence packages you want to send to each customer
- Your customers will get only the threat intelligence data that is valid for them
- You can choose to share these via email reports or direct API access
- See real-time information on the threats your customers have faced
- See how the threat data has been divided by different factors such as type of customers, geographical area, type of malware or observation time
- Get situational awareness that helps you set up KPIs to follow up how your cyber security has improved over time
feedback from your customers
- See who of your customers have accessed the threat intelligence
packages you have sent to them and when they have done that
- Understand how effective your threat intelligence sharing is and if your
customers find it useful
control your threat intelligence
- Arctic Hub can collect raw threat data from various threat feed providers
- Choose from close to 100 integrations to both commercial and open source threat feeds that are available out-of-the-box in Arctic Hub
- You are in control to choose which of
them you want to activate in your use
Arctic Node lets you know what you need to fix
Arctic Node collects the cyber threat intelligence from Arctic Hub or other relevant sources and helps enterprises become more resilient in cyber security. You can use this information to make sure your network traffic, logs and security devices do not show indications of those threats. Integration to network security sensors helps you automate monitoring your network traffic.
Whenever you get information on critical issues in your own network you know what you need to fix immediately. To make the process even smoother you can automate some of the information flows by integrating Arctic Node to your existing security information and event management systems. Users of Arctic Node can also strengthen their defense cell by giving information back to their Hub. For example, you can validate the received data by confirming a sighting of a malware URL.
Arctic Node can be installed on your premises or on a dedicated cloud server, depending on your preference. The deployment is quick and user friendly. Our customers always have full control over their data including its storage and processing without any dependency on Arctic Security.
integrated with threat intelligence feeds and platforms
- Arctic Node collects threat intelligence directly from a cyber security center or other central operator using Arctic Hub
- Or, choose from close to 100 integrations to both commercial and open source threat feeds available out-of-the-box
- You are in control to choose which of them you want to activate in your use. Or, you can even choose to integrate Arctic Node with your existing threat intelligence platform
integrated with security sensors and SIEM
- Arctic Node can be integrated to security sensors and SIEM
- Sensors can automatically receive the latest cyber threat data in their use
- Sensors can alert you whenever suspicious traffic is detected
- By getting the up-to-date threat intelligence to your SIEM you get better analysis of your logs and find out the issues
get situational awareness
See real-time information on the threats you have faced
- Follow up on the trends how your cyber security has improved over time
integrated with incident response platforms and ticketing
- Automate your information flows by integrating Arctic Node with your incident response platforms and
Arctic Sensor automates your network traffic monitoring
Arctic Sensor is an accessory appliance to Arctic Node. It is a product for monitoring the outgoing network traffic of any organization. While monitoring the traffic Arctic Sensor continuously reads the threat intelligence data that it receives through Arctic Node. Thus, it can immediately alert back to Arctic Node if it detects company internet traffic pointing to a malware command and control servers, malware distribution sites or other known malicious hosts.
Arctic Sensor is a software product which requires a dedicated physical hardware unit for network monitoring. It combines a high capacity sensor hardware unit together with the Arctic Security control system into a single deliverable solution which can be trivially integrated with Arctic Node. One Arctic Node instance can integrate with tens of Arctic Sensor units. There are two sizing options available for Arctic Sensor, one for the 1Gbps line speed and the other for 100Gbps.