DIARIO: One More Weapon in TheHive’s Arsenal

Andrés Naranjo    1 June, 2021

We already know that the weakest link in the cyber security chain is the user. Studies show that the main reason a cyber-attack on a company succeeds is the email entry vector. The whole disaster often starts with an email with an attached file.

Therefore, Telefónica Tech has developed a technology that tackles the problem of analysing office documents in a totally innovative way: DIARIO. Now TheHive, the famous cyber security incident response platform (SIRP), has included the possibility of integrating DIARIO in its systems.

DIARIO is a technology developed 100% by the ElevenPaths Innovation Area and Laboratory. It is part of the new Telefónica Tech, and its artificial intelligence engine is capable of scanning documents to detect signs of malicious code used by cybercriminals, giving the user a quick and convenient verdict on how dangerous a document is.

DIARIO: Not Another Antivirus

DIARIO uses artificial intelligence to detect common elements used to introduce malicious code into office documents. This ability is extremely useful in those areas where antivirus cannot help, and it makes DIARIO truly effective at detection. DIARIO does not try to replace traditional antivirus; it complements it by performing a totally different type of analysis on everything that traditional antivirus methodologies, usually based on signatures, have not been able to detect. DIARIO is very effective at what “escapes” antivirus detection.

Privacy as The Core of DIARIO’s Design

DIARIO is entirely focused on business use, and because business documents may be confidential, it has been designed for confidentiality. Often, when they receive a suspicious file, employees turn to online file scanning platforms as an additional check that the file is virus-free, and those platforms record and store both the information and the metadata of the documents submitted. This can pose a serious privacy problem because of the sensitive or confidential content stored in these documents. DIARIO, however, extracts for analysis only those parts of a document that could be suspicious, and never the content of the document itself. So the sensitive or confidential information contained in the document does not circulate and is not stored in any way outside the corporate environment, maintaining the privacy of that information.

TheHive

DIARIO’s trained artificial intelligence is also available for use or integration through other tools or technologies thanks to its developer interface (API). This is why it is very useful as part of TheHive.

TheHive is a cyber security incident response platform (SIRP) that is responsible for receiving alerts from all our cyber security technologies (SIEM, IDS/IPS, firewalls, etc.). TheHive is a highly automated platform, ready to be integrated with other technologies to improve its efficiency and functionality. In this way, from TheHive, using DIARIO’s artificial intelligence, we can directly scan suspicious files that arrive attached to an alert. This gives a quick and direct analysis of the content of office files and allows an automatic early warning in case of malicious files.

DIARIO is a cross-platform solution that runs on Windows, Linux and macOS, and can be run directly in the cloud, from the Office365 webmail client as well as in the Outlook desktop application.

You can test DIARIO’s document analysis capabilities quickly and easily from its website: diario.elevenpaths.com.

If you are interested in enjoying the benefits of DIARIO in any of its forms, you can contact Telefónica Cybersecurity & Cloud Tech by filling in the related form on the DIARIO site (diario.elevenpaths.com) or by writing to the following email address: lab-tcct@telefonica.com.
