Forcepoint ThreatSeeker Intelligence
Every second of the day, Forcepoint ThreatSeeker Intelligence scours the vast expanse of online content for potential threats. It’s up to the task. It receives global input from over 155 countries and, working in parallel with Forcepoint ACE, analyzes up to 5 billion requests per day. Forcepoint ThreatSeeker Intelligence also distributes threat intelligence to Forcepoint solutions around the world, which last year generated an average of 3.2 pieces of threat intelligence every second.
Content Collection
Forcepoint ThreatSeeker Intelligence collects content in all its online forms: Web pages, documents, executables, scripts, streaming media, emails, mobile applications and other Internet traffic. It processes billions of pieces of email and Web traffic intelligence daily to uncover new trends in threats and identify further types of content to collect. As it operates, Forcepoint ThreatSeeker Intelligence:
- Monitors popular websites to see if they’ve been compromised or hijacked
- Follows breaking news, trending topics and viral social media to identify additional content to assess
- Tracks geographical hot spots, new URL listings and other potentially revealing Internet activity
Content Identification
To identify threats, Forcepoint ThreatSeeker Intelligence uses all eight ACE defense assessment areas plus a series of out-of-band analyses, all performed under the constant supervision of Forcepoint Security Labs™ researchers.
Forcepoint ThreatSeeker Intelligence and ACE work in tandem to detect zero-day and other unknown threats and protect your organization from breaches. That protection is even stronger thanks to ThreatSeeker’s other capabilities, including:
- Big Data Analysis — Proprietary big data analysis tools enable automated assessment of key trends and indicators. Security Labs researchers then investigate anomalous activity to gain deeper understanding of emerging threats and improve defenses.
- Threat Sandboxing — New and suspicious executables uncovered by Forcepoint ThreatSeeker Intelligence are not only scrutinized in context for Indicators of Risk (IoR) but also detonated in a sandbox and interrogated for potentially malicious behavior.
- Mobile App Profiling — This special sandbox performs malware tests and monitors the permission-related activities of mobile apps to detect indications of malicious intent. Results are used to maintain the “Mobile Malware” and “Unauthorized Mobile Marketplaces” security categories within Forcepoint security products.