In cybersecurity, information overload has long since become a problem in its own right. Security teams are flooded daily with long intelligence reports, alerts, indicators, and publications from hundreds of sources, yet precisely when a fast response is needed, SecOps personnel lose time searching for information, switching between systems, and dealing with registration walls that hide basic data. The cybersecurity company Vega is now trying to solve exactly this problem with the public launch of the Threat Hub: a new threat intelligence portal that centralizes information from many sources and presents it in a concise, accessible, and above all practical form.
The platform was developed by the company's research group, and its goal is clear: to turn threat intelligence from a theoretical resource into a daily working tool for security teams. Instead of requiring analysts to work through reports dozens of pages long, the system aggregates content from established vendors and research bodies such as Kaspersky and Check Point and presents short, focused summaries of only a few paragraphs.
Vega explains that one of the central emphases in development was reducing the "background noise" that characterizes threat intelligence. The portal therefore includes targeted filters that let users search by specific sector (for example, the semiconductor industry), by known threat group, or by technique in the MITRE ATT&CK framework. The aim is to let researchers and SOC teams concentrate on the information relevant to their own organization rather than wade through large volumes of general, unfocused material.
The most prominent part of the system is the integration of AI capabilities into the workflow itself. The platform can generate, within seconds, tailored detection queries, for example in KQL (Kusto Query Language), based on the attack techniques described in a report. In practice, a researcher reading about a new attack method can immediately obtain detection logic that is ready to deploy in the organization's security stack rather than writing the query by hand from scratch.
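To make the idea concrete, the query below is an added illustration written for this article, not output from the Threat Hub and not Vega's code. It shows the kind of technique-driven detection the paragraph describes: an ATT&CK technique (T1059.001, Command and Scripting Interpreter: PowerShell, here narrowed to encoded command lines) expressed as a KQL hunting query over the Microsoft Defender for Endpoint advanced hunting schema (table DeviceProcessEvents and its standard columns). The 7-day window and the minimum Base64 length of 20 characters are assumed thresholds and should be tuned per environment.

```kql
// Added example for this article: not Threat Hub output.
// MITRE ATT&CK T1059.001 (PowerShell) - encoded command line execution.
// Schema: Microsoft Defender for Endpoint advanced hunting, DeviceProcessEvents.
DeviceProcessEvents
| where Timestamp > ago(7d)                       // assumed lookback window
| where FileName in~ ("powershell.exe", "pwsh.exe")
// -EncodedCommand may be abbreviated to any prefix down to -e, so a regex
// matches every accepted spelling followed by a Base64-looking argument
// (20+ characters is an assumed threshold to cut down on short false positives).
| where ProcessCommandLine matches regex @"(?i)\s-e(n(c(o(d(e(d(c(o(m(m(a(n(d)?)?)?)?)?)?)?)?)?)?)?)?\s+[A-Za-z0-9+/=]{20,}"
// Group by host, account and parent process so one campaign shows up as a
// single row with a handful of sample command lines, not hundreds of alerts.
| summarize Count = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp),
            Samples = make_set(ProcessCommandLine, 5)
  by DeviceName, AccountName, InitiatingProcessFileName
| order by Count desc
```

Whether a query like this is written by hand or generated from a report, the same check applies before it goes into production: run it against the organization's own telemetry, review the parent processes that trigger it (legitimate management tooling frequently launches encoded PowerShell), and add an allowlist for those before promoting it from a hunting query to an alert rule.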
According to Daniel Messing, Cyber Threat Intelligence Lead at Vega, the goal was to build a genuine working tool for security teams rather than another marketing content platform. "We built the Threat Hub in order to arm SecOps teams with practical information, not marketing presentations. Without advertisements, without IOC gates, and without complications, simply high-quality intelligence and detection queries that are ready for work from the first moment," he said.
Messing added: "Threat intelligence is worthless if it does not turn into immediate action. We integrated into the platform AI capabilities that allow every researcher not only to read about a new attack technique, but to generate on the spot personalized detection code. The goal is to shorten the time between the appearance of the threat and the actual defense, without paywalls and without lead collection."