In this post, we want to share some news about the new dashboard we added to Polaris, our Generative AI for Cyber Threat Intelligence (CTI).
CTI can be helpful for tactical or operational decisions when it delivers information that analysts can leverage in daily activities, such as prioritizing patches, applying mitigations, and filtering alerts. Polaris continuously generates and updates insights to summarize vulnerabilities, cyberattacks, malware distribution campaigns, and related activities. Indicators of Compromise (IoCs), CVEs, and threat actor information are extracted from public sources to be easily accessed as part of the insight, providing actionable data for tactical decisions.
However, threat intelligence is also essential for strategic decisions, such as policy changes, assessing risk for new ventures, and allocating resources. The new Polaris dashboard aggregates data from all insights generated in one place, presenting a strategic view of the most relevant threat actors, vulnerabilities, and trends.
While Chief Information Security Officers (CISOs) are more likely to benefit from strategic threat intelligence, Chief Information Officers (CIOs) and Chief Technology Officers (CTOs) may also find this information helpful when deciding which technologies to adopt or what kind of risks they will face in new projects.
Managed Security Service Providers (MSSPs) should also look for strategic data on cyber threats. Because MSSPs are responsible for protecting assets belonging to several customers, having a broader view of the threat landscape is helpful.
What is Polaris?
Polaris is an advanced cyber intelligence tool developed by Axur that utilizes artificial intelligence to analyze, summarize, and automatically correlate threat alerts. This tool provides tactical information and eliminates the need for manual tracking, allowing security teams to focus on strategic initiatives. With Polaris, it is possible to maintain continuous visibility of global threats, identify hidden patterns, and proactively combat emerging risks, ensuring the integrity of your organization's attack surface.
What is on the dashboard?
At the top of the dashboard, you'll find an AI-generated summary of your threat landscape alongside the most relevant insights. Remember that Polaris generates insights based on your attack surface map, so this summary is tailored to the specific set of assets you monitor. The summary can be restricted to a particular time frame, such as "Yesterday" or "Last week."
Below this summary, you'll find two options. One is the timeframe that will be considered for all other sections, while the other allows you to select whether you want the data to be based on your assets or a global overview. Of course, you can also quickly switch between and compare both views.
Here's a brief description of each section:
- Assets: This section shows the assets mentioned most often in Polaris insights. By default, you'll see a list of your most impacted assets and how many of your assets (as a percentage) have appeared in Polaris insights during the selected timeframe. The global overview shows the most impacted assets with no filter, so you won't see the percentage graph.
- Threat Actors: This section shows the most active threat actors based on the number of sources (mentions) for each. After clicking the name of a threat actor, you can click on the "Insights" button to see a list of all insights related to that threat actor.
- Trending CVEs: This section shows a list of Common Vulnerabilities and Exposures (CVE) identifiers found by Polaris during the selected timeframe. Each CVE is tracked by the number of insights and its CVSS score. As this is a list of trending vulnerabilities, they are not necessarily new. Instead, these are CVEs used in recent attacks or related to recently reported campaigns.
- Malware: This section is very similar to the "Threat Actors" section. It's a list of malware families or other malicious software tools used in cyberattacks and mentioned in sources scanned by Polaris. Clicking on a name will give you access to the "Insights" button to check all related insights.
- TTPs: This section lists the tactics, techniques, and procedures that Polaris was able to link to the insights generated. Clicking on a TTP displays a line graph indicating whether that specific TTP is trending downward or upward.
- Heatmap of impacted locations: Insights generated by Polaris contain information about the victims, perpetrators, and targets of each cyberattack. This world map shows which countries were mentioned most often in the data analyzed by Polaris. Clicking on a country brings up a list of all the insights that mention it.
The 'Industry' filter
When you select the "Global" view in the dashboard, a new option becomes available in some sections: Industry.
This extra filter only shows information related to the selected business sector, such as Healthcare, Finance & Insurance, Education, Transport & Logistics, Tourism & Travel, among others.
This allows you to compare yourself to others in your industry or find threats you may be missing, but it also helps you check related sectors. The Healthcare industry could be interested in the security of logistics services, while technology companies may want to watch for emerging threats to the telecommunications sector.
This is a powerful tool to improve the decision-making process in cybersecurity.
A closer look at threat actors
Polaris builds threat actor pages to consolidate known information about each actor, allowing you to quickly grasp its nature and how it could affect your company or business environment.
This dedicated page includes a summary of the threat actor's activities and behavior, a collection of related indicators of compromise (such as URLs, IP addresses, and file hashes), and a list of the tactics, techniques, and procedures (TTPs) and vulnerabilities exploited by the actor.
The threat actor description contains links to external sources to facilitate research, which can be especially valuable in fast-moving incident response scenarios. Polaris insights that mention this threat actor are also listed as a reference.
You can also use the "threat actor:" operator in your search queries inside Polaris to find the insights you need.
A new horizon for strategic threat intelligence
As with everything in Polaris, the new dashboard is always available and continuously updated, showing the latest data for each selected timeframe.
Consolidating all this information without artificial intelligence would be challenging, but our specialized Large Language Model (LLM) in Polaris can do it at scale for all industries and each attack surface map configured in Polaris.
The Polaris Threat Landscape Dashboard is your first line of defense with cyber threat intelligence – it's always there, ready when needed.