A software solution to increase the effectiveness of cyber protection systems
Real-time cybersecurity protection and management
Smiddle Security Administration Platform - a solution that collects, sorts, and validates indicators of compromise for their further use in security tools.
Smiddle Security Administration Platform

The Smiddle Security Administration Platform is a system that automatically collects and processes Indicators of Compromise (IoC) according to specified parameters.

Our solution has the ability to collect threat information from a large number of different types of sources and in different formats, automatically normalizes, validates and prepares it for security tools.

This allows you to adjust the load and use firewalls and other security tools more efficiently.

This solution can collect IoCs from various sources that are available via links (URLs) or uploaded from a file, in different formats, such as websites (HTML), the dedicated IoC exchange format (STIX), text files (e.g. TXT, PDF) and others.

Formats:
  • stix
  • html
  • txt / xml
  • pdf
  • misp
  • csv
  • stix / taxii
Systems:
  • Cisco Secure Firewall Management Center
  • ArcSight
  • Cisco FMC
  • Cisco Smart Licensing
  • Cisco Email Security
  • Cisco SecureX
  • MISP
  • Virus Total
  • FS-List
Features of Smiddle Security Administration Platform
Data cleaning
One of the important features of the Smiddle Security Administration Platform is cleaning the received data from unnecessary elements such as erroneous values, duplicates, irrelevant and unverified data. This step helps ensure high-quality and effective analysis that increases the reliability of the security system.
IoC Correlation and Validation
Correlating the IoC with company whitelists helps significantly reduce false positives and improves system accuracy. Another important feature is the validation of IoC against threat-level criteria. Such verification helps determine whether these IoCs may pose a threat to a particular information system.
Designation by type
Additionally, IoCs can be labeled by their type and direction of use. This helps to understand exactly how these IoCs can be used, which allows for a better assessment of risks and the adoption of appropriate security measures to protect the information system from possible cyber threats.
Benefits
Unique indicators
Improve the effectiveness of security devices by providing only unique and type-appropriate indicators of compromise
Source Management
The ability to add Threat Intelligence sources directly from the SSAP Web UI without administrators having direct access to security devices
Automation
Automatic processing of indicators of compromise from various sources and in different formats, including their normalization and validation
Red button
Quickly push indicators to security devices with the "RED BUTTON" function
Quality of Sources
The ability to compare and evaluate the quality of different sources, paid or free. SSAP lets you determine how unique and how useful the indicators obtained from selected sources are
Analytics
Receive up-to-date statistics on the operation of IoCs and analytics by source of IoCs
Blocking mode and Process simplification
Automatic transition of compromise indicators from SSAP collections into blocking mode. This reduces staff workload and streamlines routine processes
White lists
Reducing the number of false positives on security devices, thanks to centralized white lists of allowed indicators
Control of licenses
Ensure clear control over the validity of licenses and subscriptions
Use
Automated collection of Threat Intelligence and enrichment of security tools with it

Problem: The large variety of sources and the amount of information about threats make it difficult or impossible to process and manage them manually.

Solution: SSAP acts as a platform that automatically collects, processes, and prepares threat information for delivery to security devices. It can collect threat information from a large number of different types of sources, both public and paid ones that require authorization on access. It then filters and normalizes the resulting data, removing duplicate, malformed and invalid entries and checking indicators against VirusTotal and the whitelists. According to the configured parameters, it prepares customized and clean lists of threat indicators that enrich the security devices.

Result: The burden on security personnel is reduced by automating the processes for collecting and analyzing IoCs.
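The cleaning, whitelist correlation and type labeling described in the Features section and in the Solution above, shown as an added example in Python. This is not Smiddle's code and says nothing about how SSAP is implemented; the feed lines, the whitelist, the indicator types and the mapping of types to device classes are all constructed assumptions.

```python
"""Added example (not SSAP code): a small IoC cleaning pass that normalises raw feed
lines, drops malformed entries and duplicates, removes whitelisted values and tags
each surviving indicator with a type and an assumed target device class."""
import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample feed: the kind of mixed content a TXT/CSV source may deliver.
RAW_FEED = [
    "# Example feed (constructed)",
    "198.51.100.23",
    "198.51.100.23",                                   # exact duplicate
    " 198.51.100.23 ",                                 # duplicate after trimming
    "hxxp://malicious[.]example[.]net/payload.bin",    # defanged URL
    "Malicious[.]Example[.]net",                       # defanged, mixed-case domain
    "10.0.0.7",                                        # private range, whitelisted below
    "example.com",                                     # whitelisted domain
    "999.1.1.1",                                       # malformed IP
    "d41d8cd98f00b204e9800998ecf8427e",                # MD5 hash
    "not an indicator at all!!",
    "",
]

# Constructed company whitelist: networks and domains that must never be blocked.
WHITELIST_CIDRS = [ipaddress.ip_network("10.0.0.0/8")]
WHITELIST_DOMAINS = {"example.com"}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
HASH_RES = {"md5": re.compile(r"^[0-9a-f]{32}$"),
            "sha1": re.compile(r"^[0-9a-f]{40}$"),
            "sha256": re.compile(r"^[0-9a-f]{64}$")}

# Assumed "direction of use": which class of security device each type is useful for.
DEVICE_CLASS = {"ipv4": "network", "domain": "network", "url": "proxy",
                "md5": "endpoint", "sha1": "endpoint", "sha256": "endpoint"}


@dataclass(frozen=True)
class Ioc:
    value: str
    kind: str  # ipv4, domain, url, md5, sha1, sha256


def normalise(raw: str) -> str:
    """Trim, lowercase and undo common defanging ([.], [:], hxxp)."""
    value = raw.strip().lower()
    value = value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value)


def classify(value: str) -> Optional[str]:
    """Return the indicator type, or None when the value is not a usable indicator."""
    for kind, rx in HASH_RES.items():
        if rx.match(value):
            return kind
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        pass
    if value.startswith(("http://", "https://")):
        return "url"
    if DOMAIN_RE.match(value):
        return "domain"
    return None


def is_whitelisted(ioc: Ioc) -> bool:
    """IPs are matched against whitelisted networks, hosts against whitelisted domains."""
    if ioc.kind == "ipv4":
        return any(ipaddress.ip_address(ioc.value) in net for net in WHITELIST_CIDRS)
    if ioc.kind in ("domain", "url"):
        host = re.sub(r"^https?://", "", ioc.value).split("/")[0]
        return any(host == d or host.endswith("." + d) for d in WHITELIST_DOMAINS)
    return False


def clean_feed(lines):
    """Normalise, validate, deduplicate and whitelist-filter; return (iocs, stats)."""
    stats, seen, clean = Counter(), set(), []
    for raw in lines:
        stats["received"] += 1
        if not raw.strip() or raw.lstrip().startswith("#"):
            stats["skipped"] += 1
            continue
        kind = classify(normalise(raw))
        if kind is None:
            stats["malformed"] += 1
            continue
        ioc = Ioc(normalise(raw), kind)
        if ioc in seen:
            stats["duplicate"] += 1
            continue
        seen.add(ioc)
        if is_whitelisted(ioc):
            stats["whitelisted"] += 1
            continue
        clean.append(ioc)
        stats["clean"] += 1
    return clean, stats


def split_by_device(iocs):
    """Group clean indicator values by the device class they are intended for."""
    groups = defaultdict(list)
    for ioc in iocs:
        groups[DEVICE_CLASS[ioc.kind]].append(ioc.value)
    return dict(groups)


if __name__ == "__main__":
    iocs, stats = clean_feed(RAW_FEED)
    print(dict(stats))
    print(split_by_device(iocs))
```

Of the twelve constructed lines, four indicators survive (one IPv4 address, one URL, one domain, one MD5); the rest are dropped as comments, duplicates, whitelisted or malformed, and the counters show where each line went, which is the same per-source accounting that feeds the source quality rating described further down.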

About our company

Smiddle is an international software developer. We don't just build software; we turn ideas into innovative products that change the world. Each project for us is a challenge that we take on with great responsibility and enthusiasm. We value each of our partners and each user of our products.

Your success is our success, and that's why we work to the limit to provide you with the highest level of satisfaction and convenience. Our mission is to create products focused on the needs of our customers. Each of your projects receives our undivided attention. We offer complex solutions, technical support and consulting support.

FAQ

No, we currently do not have our own sources with lists of indicators of compromise.

If necessary, however, our implementation team can recommend some, depending on the security tools available and the specifics of the organization.

SSAP actually consists of three modules (Aggregations, Distributions and Inventories). The Aggregation and Distribution modules are mandatory for the complete operation of the solution, because they perform the role of collecting, processing and preparing clean lists.

The Inventory module is optional and extends the functionality by integrating with the Cisco Secure Firewall Management Center, which lets you send indicator lists to it from the SSAP console and collect operation statistics.

SSAP includes three modules (Aggregations, Distribution and Inventory), each of which requires a separate license.

The Aggregation and Distribution modules are mandatory for the operation of the solution and are licensed according to the number of nodes of such modules. In turn, the Distribution module extends SSAP functionality by native integration with Cisco Secure Firewall Management Center, and is licensed depending on the number and models of sensors connected to Cisco Secure FMC.

In any case, you can contact us for a consultation and a demonstration.

To download IoCs from SSAP, the standard interface for security devices based on the STIX/TAXII protocols is used: any security device that supports this protocol can connect to SSAP and download lists of "clean" indicators. Each module also exposes an open API, which allows other integrations to be built.

You can load indicators into the SSAP database either from a file or from a URL in the following source formats: MISP, STIX, STIX/TAXII, HTML, TXT, XML, PDF, CSV. After the indicators have been processed, validated and normalized, they can be downloaded to the security device.

In SSAP, it is possible to control licenses for Cisco Secure Firewall and for private IoC sources. This is done as follows:

  • For Cisco Secure Firewall, through the integration of SSAP with Cisco Smart Account, where the relevant licenses of Cisco products are stored, so the status of specific licenses can be monitored in real time.
  • For IoC sources, manually: when creating or editing a source, the expiration date of its license is set.

In SSAP, the function of assessing the quality of the source is implemented. This allows you to assess how suitable the source is for each specific implementation.

To evaluate the quality of a source, SSAP uses metadata built from information about the sources, such as the total number of indicators, duplicates, indicators found in white lists, etc., together with data from security devices about the number of activations (hits) of these indicators.

After that, the SSAP algorithms analyze the received data and assign a rating to each of the sources.
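The page states what goes into the source rating (indicator totals, duplicates, whitelisted entries and activation counts from security devices) but not the rating algorithm itself. The following is an added example, not Smiddle's code and not SSAP's actual algorithm: it computes those counts from constructed sample data for three sources and combines them with an assumed, weighted formula so that a uniquely useful source ranks above a large but redundant one. The source names, indicator values, whitelist, hit counts and weights are all constructed.

```python
"""Added example (not SSAP code): per-source metadata and an assumed quality score.
Uniqueness = share of a source's indicators that no other source also delivers
(whitelisted entries count as useless); hit rate = share of its usable indicators
that security devices actually fired on."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample data: three sources, a whitelist and hit counts from devices.
SOURCES: Dict[str, Set[str]] = {
    "paid-feed": {"198.51.100.1", "198.51.100.2", "198.51.100.3", "bad.example.net", "10.0.0.5"},
    "free-feed": {"198.51.100.1", "198.51.100.2", "203.0.113.9", "10.0.0.5"},
    "internal":  {"203.0.113.10", "bad.example.net"},
}
WHITELIST: Set[str] = {"10.0.0.5"}
ACTIVATIONS = Counter({"198.51.100.1": 40, "198.51.100.3": 12, "203.0.113.9": 0,
                       "203.0.113.10": 7, "bad.example.net": 3})


@dataclass
class SourceRating:
    name: str
    total: int         # indicators delivered by the source
    duplicates: int    # usable indicators also delivered by at least one other source
    whitelisted: int   # indicators dropped because they matched the whitelist
    activations: int   # device hits on this source's usable indicators
    score: float       # assumed 0..100 quality score


def rate_sources(sources: Dict[str, Set[str]], whitelist: Set[str], activations: Counter,
                 w_unique: float = 0.4, w_hits: float = 0.6) -> List[SourceRating]:
    """Compute the metadata for each source and rank sources by the assumed score."""
    # How many sources deliver each indicator; >1 means it is a cross-source duplicate.
    seen_in = Counter(v for values in sources.values() for v in values)
    ratings = []
    for name, values in sources.items():
        usable = values - whitelist
        dups = sum(1 for v in usable if seen_in[v] > 1)
        hits = sum(activations[v] for v in usable)
        uniqueness = (len(usable) - dups) / len(values) if values else 0.0
        hit_rate = (sum(1 for v in usable if activations[v] > 0) / len(usable)) if usable else 0.0
        score = round(100 * (w_unique * uniqueness + w_hits * hit_rate), 1)
        ratings.append(SourceRating(name, len(values), dups, len(values & whitelist), hits, score))
    return sorted(ratings, key=lambda r: r.score, reverse=True)


if __name__ == "__main__":
    for r in rate_sources(SOURCES, WHITELIST, ACTIVATIONS):
        print(f"{r.name:10} total={r.total} dup={r.duplicates} wl={r.whitelisted} "
              f"hits={r.activations} score={r.score}")
```

With this data the small "internal" source ranks first (every usable indicator is unique or has fired), the paid feed second (high hit rate, but most of its entries are also in the free feed) and the free feed last; the weights are a knob for the operator, since a team that cares more about coverage than overlap would raise `w_hits`.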

SSAP does not have its own sources of indicators of compromise and works exclusively with the sources added to it. SSAP does, however, automate taking IoCs from a source on a schedule, or uploading a new batch of indicators. If a threat became known very recently and the source already contains the corresponding indicator, you will receive it in SSAP. After all checks, as soon as the indicator reaches the database of "clean" indicators, it can be downloaded to a security device on request.

Contacts
Write to us and ask any questions
and we will get back to you within one business day.
Tallinn, Harju County, Kesklinn
Kyiv, Stepana Bandera Avenue 16-B