What is Silent Push?
    • 28 Jan 2024
    • 3 Minutes to read
    • Dark
      Light

    What is Silent Push?

    • Dark
      Light

    Article Summary

    Silent Push is an enterprise threat intelligence and threat hunting solution that contains a vast range of first-party datatypes, queries and workflow-based operations to generate actionable insights, and identify new threats to your organization before they launch.

    Our data

    Our data is all our own.

    We perform daily scans of the Internet's entire IPv4 range, and enrich domains, URLs, IPs and DNS records by applying 80+ distinct indexed characteristics, including traceable content hashes and certificates.

    Our first-party database tracks global Internet-facing infrastructure and alerts security teams to emerging and realised threats, via the most comprehensive view of the Internet available anywhere in the world.

    Mission

    We focus on proactive, data-driven threat hunting and CTI data that combats the weaponization of attacker infrastructure before it becomes a threat. In doing so, we aim to make threat intelligence operations more efficient, more effective, and more accurate for security teams and organizations across the globe.

    Key functions

    Threat intelligence management

    Silent Push corroborates all the constituent elements of a threat intelligence operation - feed ingestion, workflow-based profiles, reputation scoring, enrichment etc. - into a unified management console that allows organizations to combat attacker infrastructure before it's weaponised, and export data to internal security products for further analysis/action.

    Digital threat management

    Brand impersonation attacks are among the most common security risks an organization has to deal with. Threat actors are constantly developing new attack vectors to masquerade as trusted brands in order to direct traffic to malicious domains including certificate exploitation, domain and email impersonation, and content spoofing.

    Silent Push provides a comprehensive bank of anti-impersonation queries that allow organizations to proactively and pre-emptively scan for threat actors seeking to pass their own infrastructure off as that of a legitimate brands.

    Attack surface mapping

    Silent Push allows organizations to identify and analyze all the possible ways that an attacker could exploit a system or application, including entry points, interfaces, DNS vulnerabilities, digital footprints and other potential vulnerabilities.

    We provide security teams with a comprehensive understanding of the potential vulnerabilities of any given system, which can then be used to develop bespoke countermeasures to mitigate any associated risk.

    Once an organization's attack surface is mapped, it becomes easier to prioritize security efforts, identify weaknesses and allocate resources to address the most critical vulnerabilities first.

    Observable enrichment

    Our platform takes a standard observable (domain, IP or URL) and enriches it by analysing over 70 attributes that provide a comprehensive assesment of origin, risk levels, location (digital and geographic), accompanying DNS records and any associated passive DNS data.

    Each observable is enriched by displaying data from the following categories:

    1. Basic domain information
    2. WHOIS information
    3. DNS records
    4. IP diversity
    5. Nameserver information, including changes
    6. Its presence in any curated threat feeds
    7. Certificate data
    8. Content analysis (JARM, HTML, headers, favicons etc.)

    Monitoring

    We provide security teams with the ability to monitor queries across the Silent Push platform, with daily changes in datasets communicated via email, allowing organizations to free up resources that would otherwise be spent re-running scans and scouring outputted data for any changes.

    Monitored queries are able to be saved to individual user accounts, or shared as organizational queries among groups of security personnel.

    Platform access

    Silent Push features two subscription options - Enterprise and Community.

    The Silent Push Community app contains domain/IP queries, record lookups and anti-exploit tools free of charge that allow organizations to conduct powerful scans that serve a range of security-based workflows.

    An Enterprise subscription contains all the features of the Community app, along with access to Silent Push's database of enriched threat intelligence and early detection feeds, along with an increased number of profile seats and API calls.

    Early Detection Feeds

    The Silent Push platform includes numerous feeds that track domains and IPs associated with various attack vectors and APT activity.

    We also track data across a broad range of licensed and open-source C2 frameworks, including:

    • Cobalt Strike
    • Merlin
    • Deimos
    • Posh
    • Mythic
    • Metasploit
    • Empire
    • Covenant

    Research

    Our team conducts regular research on emerging TTPs, specific campaigns, high-profile threat actors and defense techniques that have been used by US Government agencies, private sector defense groups and high-profile industry forums across the globe.

    Silent Push API

    The Silent Push API allows organizations to feed enriched threat data collected via a Silent Push Enterprise subscription into an existing security stack - through code snippets exported in Python, via the command line, as a URL or PHP - with a valid API key.


    Was this article helpful?

    ESC

    Eddy, a super-smart generative AI, opening up ways to have tailored queries and responses