CrossLinkTM

When users first open CrossLink they are met with the words “Know More.” This ethos powers CrossLink. How can we help everyone, be it a SOC analyst, an investigator, or an incident responder, tell a better story around their own data? Search results from six synergistic verticals of network and actor-centric data quickly provide key information that can be assembled and shared across an organization with the click of a button.

CrossLinkTM Delivers

CrossLink was designed to address the deficiencies in the current marketplace by a team of analysts who have decades of hands-on experience investigating a full range of threats.

Data verticals include an unparalleled range of actor profiles, communications, historical Internet registration records, IP reputation, digital currency records, and passive DNS telemetry that jump-start investigations into actors and incidents.

CrossLink provides users with the ability to create alerts and lightweight management functions via shareable case folders. Users are encouraged to bring their own data into the platform, protected by an ISO-certified environment.

The breadth of searchable data accessible through CrossLink can be used by an organization’s: SOC teams to enrich data; risk groups to control account fraud; security teams to control access to facilities; and human resources to vet new hires.

Linking the Digital Evidence

Whether you are a threat hunter, a network defender, or an investigator, you know digital evidence does not exist in a vacuum. The fragments of data left behind from a cyber event are a multi-dimensional puzzle involving event records, actor tradecraft, and network information. Solving the puzzle reveals a person, intent, and event precursors.

That core information is often out of your grasp with traditional intelligence platforms but is critical to assessing risk, making decisions about events, and using that knowledge to build countermeasures. This is where CrossLink, a unique and peerless threat investigation and discovery platform, enters the picture.

CrossLink aggregates synergistic data streams curated specifically to provide the missing pieces and context to an investigation or inquiry. It helps users map actor behavior, penetrate obfuscation used by adversaries, and build reputational models around individuals and identifying entities, such as phone numbers, email addresses, or IP addresses.

With CrossLink, linkages, attribution information, and actionable intelligence are revealed from a simple, well-organized interface. In just a few pivots, users can go from a single data entity, such as an actor’s IP address, to attribution by assembling key pieces of data from actor and network intelligence.

Case Management and Investigations

Insights derived from CrossLink can be organized and shared using a case management feature built into the platform that supports all types of investigations. This “Investigations” feature allows users to add and organize native CrossLink data and non-native data into folders and include narrative summaries that tie the pieces together.

Once the Investigation is created, it can be shared between users, helping teams to easily communicate findings laterally and vertically inside of an organization.

The feature also allows Qintel to share existing cases that our roster of world-class analysts have assembled with the CrossLink user community. CrossLink searches will surface the Qintel-curated content if the search terms are found within the Investigation.

Diagram of how Crosslink manages data

Alternate Use Cases

Each data type in CrossLink – whether user profile information, reputational metadata, communications content, domain registration history, or passive DNS telemetry – represents a powerful foundation for supporting a number of organizational functions beyond investigations. Alternative use cases include:

Positive and negative signals graphic

Threat Hunting

The CrossLink platform is an indispensable tool to threat hunting teams. As a threat hunter, you want to first determine the scope of the threat. Is it a targeted threat or more generic? Secondly, you also want to broaden the scope of the threat hunt, finding new data pieces with which you can search internal systems to detect associated activity. Both of these questions can be answered with CrossLink’s network intelligence. Lastly, you want to assess the capabilities of the threat actor, which can be easily discovered with CrossLink’s actor and communications intelligence.

positive and negative signals graphic

Data Enrichment Lookups

Sometimes context around a data point is all one needs. For instance, security operations center (SOC) teams use CrossLink’s network information for quick insights on IP addresses: Is it a proxy? Where is it located? Are other profiles tied to it?

Email queries graphic

Due Diligence Assessments

CrossLink is also used to perform due diligence on new hires and acquisitions, as well as visitor and facility access.

Culture at Qintel

More than a job - a family, excitement, reward, and a sense of meaning and accomplishment.

Contact Us

Qintel has a security solution for all types of organizations. Please reach out to learn more about how our products can help you combat cyber-enabled fraud and attacks.