Smiddle Security Administration Platform

A software solution for information and cybersecurity that increases the effectiveness of security systems
and takes them to a new level by prioritizing the enrichment of critical indicators of compromise

 


The Smiddle Security Administration Platform (SSAP) software is a comprehensive solution for automating, scaling, and improving the efficiency of the Security Operations Center (SOC) by enriching cyber defense equipment with indicators of compromise (IoCs) quickly, on time, and with high quality.

SSAP receives indicators of compromise (IoCs) from different sources in different formats and automatically normalizes, correlates, and prepares them for sending to security devices. This allows load balancing and more efficient use of firewalls (for example, Cisco Firepower).

Smiddle Security Administration Platform has the ability to collect threat information from many different types of sources. These can be both open public sources and those requiring authorization when accessing them.

The solution works with systems and formats such as:

Systems

  • Cisco Secure Firewall
  • Management Center
  • ArcSight
  • Cisco FMC
  • Cisco Smart Licensing
  • Cisco Email Security
  • Cisco SecureX
  • MISP
  • VirusTotal
  • FS-List

Formats

  • stix
  • html
  • txt / xml
  • pdf
  • misp
  • csv
  • stix / taxii

The system receives IoCs from various sources, normalizes them, removes invalid and duplicate entries, prepares personalized lists of threat indicators in accordance with the specified parameters, and enriches security devices with them. SSAP also enables you to create and upload whitelists of indicators, automatically excluding them from being sent to security devices. This solves the problem of false positives and blocking access to individual company services.

Automating work with the various sources and formats in which IoCs arrive reduces the burden on a company's security department and significantly speeds up the processing of all incoming indicators.

Smiddle Security Administration Platform is a unique, unparalleled software solution that enables you to automate network perimeter protection processes and reduce the burden on security specialists to perform more important tasks.


The architecture of the Smiddle Security Administration Platform solution consists of separate modules and allows you to connect one or more modules in accordance with the needs of the company or organization.

SMIDDLE SECURITY ADMINISTRATION PLATFORM

  • Aggregation Module (SAM)
  • Distribution Module (SDM)
  • Inventory Module (SIM)

SECURITY AGGREGATION MODULE (SAM)
Control of compromise indicators security
  • Connecting various sources with IoC lists;
  • Normalization of IoC lists;
  • Formation of white lists;
  • Filtering indicators using internal SSAP logic and external validation systems;
  • Marking of indicator sources.
SECURITY DISTRIBUTION MODULE (SDM)
Intelligent Firewall Enrichment
  • Create aggregated IoC lists that:
    - Do not contain duplicates,
    - Are type-matched to a specific security device,
    - Do not overload the memory of security devices with unnecessary indicators,
    - Do not contain false indicators;
  • "Red button" for a forced push of indicators to the Cisco Secure Firewall
  • Enrich the ArcSight ESM SIEM with IoCs from the SSAP console
SECURITY INVENTORY MODULE (SIM)
Endpoint analytics processing
  • Poll Cisco Secure Firewall about the status of loaded sources and indicators
  • Obtain information from the Cisco Smart Licensing Console about the validity of licenses
  • Display statistics on IoC triggering on Cisco Secure Firewall
  • Receive end notifications

The differentiation of rights and access levels allows a user with administrator rights, if necessary, to restrict the access of other users (operators) to individual functions or modules.


MAIN FUNCTIONALITY OF THE SSAP SOLUTION

  • Obtain IoCs from various resources (feeds) and different file formats: local file (TXT / XML), from URL, PDF reports on cyber threats, from FS Group and MISP, STIX files
  • Analysis of information about IoCs: statistics of hits, sources of origin, rules for distribution, editing, updating information, deletion, inclusion in the White List
  • IoC validation on the VirusTotal platform
  • Formation and creation of white lists of resources
  • IoC cleaning during validation and comparison with whitelists
  • "Red Button" - instant enrichment of FMC and Firepower with new IoCs
  • Formation of IoC import rules for FMC
  • Enrichment of ESM ArcSight with indicators of compromise
  • Polling of Cisco FMC systems to compile operation statistics
  • Monitor the activity time of all available licenses: SSAP, Cisco FMC, Cisco Firepower, and paid feeds: FS-List, Cisco Talos, Cisco Umbrella

Visualization of information in the form of dashboards and graphs helps you see the dynamics and analyze information, and evaluate the effectiveness of resources, the number of triggers and other statistics. Recording the quality metrics of indicator sources enables you to evaluate their quality and select those that meet your requirements.

BENEFITS OF SMIDDLE SECURITY ADMINISTRATION PLATFORM

  • Our solution enables you to automatically process huge arrays of indicators and, as a result, reduce routine processes and the burden on staff significantly.
  • Reduce the number of false positives on security devices through the implementation of centralized whitelists with allowed indicators.
  • Enhance the effectiveness of security appliances by providing only unique and appropriate IoCs.
  • Add Threat Intelligence sources directly from the SSAP web interface without direct administrator access to security appliances.
  • Compare and evaluate the quality of paid or free sources of IoCs. SSAP enables you to determine how unique and high-quality the indicators you get from different sources are, and to rate them. This allows you to save on subscriptions that do not bring value.
  • Urgently enrich equipment with the "RED BUTTON" function.

 

The convenient intuitive interface and quick installation enable you to get started in the shortest possible time. Using SSAP as a manager of indicators of compromise will significantly increase the efficiency of your Security Operations Center.

Smiddle Security Administration Platform is a modern solution for the effective protection of information from external cyber threats.
