I wanted to take a minute to share some thoughts and reflections I had over the holiday break about our new Insights database. We recently launched what we believe to be a cutting-edge, searchable database of analytics surrounding the behavior of Windows processes in the wild. We made much of it free in the beginning and then began to hold back some of the data and analytics in favor of paid plans. That approach made sense from a business perspective, but never really sat well with me otherwise. We want to be giving back to the community as much as possible. Cyber-security is a hard field for outsiders to break into, and there is so much to learn for entrants into the field.
We want to be a part of those helping to educate and give back, and we believe our Insights database can contribute a small piece to that effort. For that reason, among others, we’ve decided to make our database completely free to search for everyone, and we hope to be able to continue to do so for the foreseeable future. While we’ll still charge for automated API access, we believe there’s too much valuable insight ;) packed into our dataset to hold behind closed doors. With that said, please go forth and search away and we’ll keep adding more and more data and insights for you to uncover.
Our goal is to make the Insights dataset as wide and deep as possible and to follow an API-first strategy. Nowadays, automation is a given in most security organizations and we want to enable security teams to quickly and easily bring additional context into their existing workflows and to give their analysts a helpful leg up in triaging and responding to alerts. In most detection spaces, especially endpoint detection, alerts will involve a file or process and usually include an identifying hash or filename. Having worked as analysts and assembled teams of analysts ourselves, we know firsthand that as an analyst you want all the context you can get, but you don’t necessarily want to have to open 37 tabs in your browser to get it all. With the emergence of Security Orchestration and Automation (SOAR) platforms, bringing in additional data and context is getting even easier. We're working with SOAR and SIEM providers to make our data available directly through those platforms.
We’re a young company and while our new Insights product has existed for a few years in our minds, it only recently came into existence. We aspire to make it one of a handful of go-to places for hashes and filenames and have plans to expand our platform coverage and deepen the insights that we make available. That being said, we could use your support. If you have feedback, or want to contribute data, analysis or help in another way, please reach out! We believe strongly in partnerships and know that we’ll only reach our lofty goals working with others to get there.
Thanks for reading!