Content Library

Eliminating threats is a team effort. Effectiveness depends not only on the quantity but also on the quality of your data. The more data and use cases you have, the better the chance of detecting and stopping potential threats. But when seconds matter, it’s not enough to just have access to data. You need it at your fingertips so you can take swift action before threats become issues. Our unique Content Library enables us to rapidly turn massive amounts of information into actionable solutions. Find out how we’re giving our customers a measurable advantage.

Take Action with More Data

The deepwatch Content Library is a content distribution and management platform that serves as a repository of custom security use cases developed by deepwatch. These use cases include threat detection signatures, risky authentication behavior searches, automated response workflows, anomalous network activity and more. Content in the Content Library represents the business and security requirements of each and every one of our customers.

How it Works

We ingest log data our customers provide to us from various systems, applications, network devices and more. We normalize the data using the Splunk Common Information Model (CIM), enrich it with Cyber Threat Intelligence (CTI), and then automatically run the use cases we store in our Content Library against that data. This enables us to detect and respond to more threats for all of our customers in their unique environments. As deepwatch responds to threats, we augment the use cases and add them and their detections to the Content Library, allowing for better threat detection in the future across all of our customers.

Customer environments are updated with regular releases of the Content Library. This allows deepwatch to ensure that any security use case we develop for one customer is automatically applied to all other customers, so the benefit is democratized. Our ability to secure all our customers at scale drives cross-squad and cross-industry vertical security collaboration, threat intelligence sharing and security best practices deployment.