TruSTAR is designed specifically for managing
intelligence. Using machine learning and natural language processing, TruSTAR
ingests, categorizes, normalizes, extracts and correlates threat intelligence.
The unique Enclaves-based architecture allows for virtually unlimited
scalability when it comes to both users and data.

TruSTAR leverages bidirectional integration with
tools already used by security teams. That way companies surface the
intelligence they already have to see how it relates to other internal tools
and datasets. Then, working outward with dedicated sharing, TruSTAR enriches the
information across ecosystems with open and closed source intelligence while
simultaneously reducing the friction of sharing data.

The functionality coming from the seamless
convergence of sharing groups and the fusion of intelligence and fraud tools
really stood out to us. This alignment has led to the natural overlap with the threat
intelligence platform market. This union provides the ability to automatically
ingest, normalize, correlate, search and visualize correlations amongst data
sets. TruSTAR boasts more than 60 pre-built integrations with SIEMs,
orchestration, ticketing and case management which are combined, leveraging the
multi-Enclave architecture, for faster investigations.

The platform features several integrations,
including Splunk, which gives a good strategic overview of happenings in an
environment, as well as others such as ServiceNow and ticketing system
integrations. TruSTAR pulls API at the core level, so seats are not limited per
person. The API construct model is based off of Enclaves. It offers three ways to get data into the
platform: browser plug-in, TruSTAR pop-up and the email Enclave Inbox. Enclave
Inbox captures content as seamlessly as possible by automatically pointing at
trust group inboxes to capture content coming through. It can redact text from
the original content. The data populates the same way as does the rest of the
reporting options. The contents and correlations generated are viewable.

Analysts can view original content and
observables in the Report Visual Map, which includes a timeline slider to watch
events unfold over time. This map allows analysts to more efficiently see
correlations around different datasets so they can understand what occurred
with extensive granularity.

From a teaming aspect, TruSTAR is a collaborative
platform. Mentions in a report send a notification to the tagged individual and
link back to the referenced report and what is highlighted. Analysts can share
notes internally. Additionally, there is an Enclave Chat functionality, in which each
Enclave contains its own chat channel and keeps reports organized. Reports are
easily exportable and searchable. The platform indexes all content contained
within the reports for quick location and searches.

Starting price is $96,000. Gold level support
includes 24/7 email support, 8/5. Upon logging into the dashboard, a tutorial
populates to help you get started. However, we found the tutorial to be overly
succinct. Professional Service support is offered as well. Phone, email and
website support include FAQs and a knowledge base. We recommend building out
this knowledge base as we struggled to find instructions on how to get
started.

Tested by: Matthew Hreben
Product info
Vendor: TruSTAR
Contact: www.trustar.co
Product: TruSTAR Enterprise Intelligence Management 3.9.12
Price: $96,000
Strength
The functionality from the seamless convergence of sharing groups and the fusion of intelligence and fraud tools.
Weakness
We recommend building out this knowledge base as we struggled to find instructions on how to get started.
Verdict
TruSTAR enriches information across ecosystems with open and closed source intelligence while simultaneously reducing the friction of sharing data.



