Albany-based cybersecurity company Defend is launching a protective service powered by local threat intelligence from the National Cyber Security Centre (NCSC) and CERT NZ.
The threat hunting service, dubbed Sherlock, is powered and secured by Defend's own intelligent cybersecurity ecosystem (ICE) and by the Wellington-based Cassini's cyber threat intelligence (CTI) service.
Defend said Sherlock provided threat intelligence indicators that were relevant to New Zealand and which could be fed into organisational environments for threat prevention, detection and disruption.
Defend described Sherlock as a "unique threat hunting node" that can be embedded within incident response services to enable organisations to become proactive in the hunt for potential threats.
The service uses both the Malware Free Networks initiative by the New Zealand’s National Cyber Security Centre (a department of GCSB) and the CERT NZ phishing indicator feed through a partnership with Cassini CTI.
Cassini is an expert in the field of developing STIX2/TAXII2 threat intelligence feeds and both produces and consumes these via application programming interfaces (APIs).
"There are many security products in the market that include built-in threat intelligence as part of their solutions, however, security products do not provide curated lists of New Zealand-relevant threat intelligence that can be made operational and specific to your organisation and the markets and industries in which you operate," Defend said of Sherlock.
Further, threat intelligence built into security products is often invisible to the customer and cannot be used to provide retrospective searches across customer environments.
"We believe this is a very unique and hugely disruptive service that has not been seen integrated like this before," said Defend CEO Nigel Everett, who added that the intent was to develop this service so it could be white labelled to resellers to help New Zealand organisations defend themselves using New Zealand specific threat feeds.
Last September, Defend released its ICE managed security service into Microsoft's global marketplace.
Built on the Microsoft security platform it was developed to help customers to rapidly adopt, deploy and use secure cloud services, focusing on Microsoft Azure and Microsoft 365.
Everett told Reseller News it is now supporting global organisations operating across 66 countries.
"We have been incredibly grateful to Microsoft, and not just the incredible New Zealand team, but also their global team in the US and Asia for enabling us on this journey," Everett said.
"For the Defend team being part of the Microsoft Marketplace has helped our small New Zealand start-up increase our profile into global markets."