When users first open CrossLink they are met with the words “Know More.” This ethos powers CrossLink. How can we help everyone, be it a SOC analyst, an investigator, or an incident responder, tell a better story around their own data? Search results from six synergistic verticals of network and actor-centric data quickly provide key information that can be assembled and shared across an organization with the click of a button.
CrossLink was designed to address the deficiencies in the current marketplace by a team of analysts who have decades of hands-on experience investigating a full range of threats.
Data verticals include an unparalleled range of actor profiles, communications, historical Internet registration records, IP reputation, digital currency records, and passive DNS telemetry that jump-start investigations into actors and incidents.
CrossLink provides users with the ability to create alerts and lightweight management functions via shareable case folders. Users are encouraged to bring their own data into the platform, protected by an ISO-certified environment.
The breadth of searchable data accessible through CrossLink can be used across an organization: by SOC teams to enrich data; by risk groups to control account fraud; by security teams to control access to facilities; and by human resources to vet new hires.
Linking the Digital Evidence
Whether you are a threat hunter, a network defender, or an investigator, you know digital evidence does not exist in a vacuum. The fragments of data left behind from a cyber event are a multi-dimensional puzzle involving event records, actor tradecraft, and network information. Solving the puzzle reveals a person, intent, and event precursors.
That core information is often out of your grasp with traditional intelligence platforms but is critical to assessing risk, making decisions about events, and using that knowledge to build countermeasures. This is where CrossLink, a unique and peerless threat investigation and discovery platform, enters the picture.
CrossLink aggregates synergistic data streams curated specifically to provide the missing pieces and context to an investigation or inquiry. It helps users map actor behavior, penetrate obfuscation used by adversaries, and build reputational models around individuals and identifying entities, such as phone numbers, email addresses, or IP addresses.
With CrossLink, linkages, attribution information, and actionable intelligence are revealed from a simple, well-organized interface. In just a few pivots, users can go from a single data entity, such as an actor’s IP address, to attribution by assembling key pieces of data from actor and network intelligence.
Case Management and Investigations
Insights derived from CrossLink can be organized and shared using a case management feature built into the platform that supports all types of investigations. This “Investigations” feature allows users to add and organize native CrossLink data and non-native data into folders and include narrative summaries that tie the pieces together.
Once the Investigation is created, it can be shared between users, helping teams to easily communicate findings laterally and vertically inside of an organization.
The feature also allows Qintel to share existing cases that our roster of world-class analysts has assembled with the CrossLink user community. CrossLink searches will surface the Qintel-curated content if the search terms are found within the Investigation.