Visa Threat Intelligence customers use a variety of tools to operationalize IoC data. We recommend incorporating it into your cybersecurity operators and Incident preparedness and/or response workflow to provide teams with powerful threat detection and breach prevention data. Common use cases for Visa Threat Intelligence include:
SIEM Integration: Correlation of IoC’s with log data. Analysts create rules and alerting mechanisms to assist in breach identification, incident response and remediation.
Endpoint Security: Clients utilize the VTI API to configure endpoint monitoring for IoC’s. This allows merchants to run endpoint scans for threat hunting on files and connections found in the VTI feed.
Firewall: IP addresses and domains from the IoC feed which are known to be malicious and unnecessary for daily operations can be blocked/quarantined/monitored at the firewall level to prevent connections and quickly detect malicious activity.
Third Party: Threat Intelligence Platforms & Gateways, Simulated Breach & Penetration testing, Operation Management and Services.