The LookingGlass scoutPrime threat intelligence platform (TIP) integrates enterprise-grade external security threat information with information on internal architecture and security information to create actionable, prioritized risk scores for threats.
The TIP provides security professionals with accelerated analysis of how threats might impact the organization and how to counter those threats. This article provides more in-depth information on the product and its features.
For a comparison with other TIP products, see our complete list of top threat intelligence companies.
Company Description
Spun out from the U.S. National Security Agency (NSA) in 2009, LookingGlass Cyber Solutions provides three threat intelligence analysis products: a threat intelligence platform (scoutPrime), a threat modeling tool (scoutThreat), and an attack surface monitoring solution (scoutInspect). LookingGlass is a privately-held company based in Reston, Va., with an estimated 300 employees and more than $100 million in funding.
Product Description
The LookingGlass scoutPrime tool incorporates more than 100 threat feeds to provide the latest intelligence on malware, indicators of compromise (IoCs), malicious URLs, and malicious entities. Augmenting it is a worldwide team of security analysts who continuously enrich the data feeds and provide customers understanding and response capability into cyber, physical and third-party risks.
With this TIP, analysts can deliver guidance to stakeholders via flexible analyst workflow, third-party risk monitoring, and customizable threat intelligence scoring. “Prioritized, relevant and timely insights enable customers to take action on threat intelligence across the different stages of the attack life cycle,” the company says.
scoutPrime also delivers the following features:
- Dynamic internet footprinting: monitor and analyze internet-accessible assets and networks to detect connections to known command-and-control nodes
- Risk scoring and prioritization: a proprietary Threat Indicator Confidence score ranks threats based on the attack surface, an organization’s environment, and threat landscape
- Integration with additional tools such as geolocation, pDNS, Shodan, and WhoIs/Reverse WhoIs
- Data aggregation: Aggregates, indexes, and normalizes data sources, proprietary indicators, and intelligence feeds
- Real-time alerts available through email for new vulnerabilities, exceeded thresholds, and workflow triggers
- Relationship monitoring classifies assets into groups and subgroups to monitor and develop categorized risk profiles
- APIs and integrations export threat intelligence to security appliances
- Reporting: Unlimited automated and on-demand management reports and scorecards
Agents
LookingGlass does not use agents.
Markets and Use Cases
LookingGlass is suitable for all verticals, with particular uptake when utilizing it in a third-party risk monitoring capacity. With roots in the NSA, the four main sectors adopting LookingGlass include defense, energy, financial, and government.
Applicable Metrics
LookingGlass scoutPrime scales to meet the demands of global top 50 companies. More than 140 sources of threat data are gathered, ingested, aggregated, normalized, enriched and analyzed to create threat intelligence.
Security Qualifications
STIX & TAXII 2.0 compliant. It is deployed in secure governmental agencies and healthcare facilities.
Intelligence
It includes machine-readable threat intelligence.
Delivery
scoutPrime is a cloud-hosted SaaS product.
Pricing
No specific pricing details are available through the LookingGlass website. Documentation shows that scoutPrime licenses scoutPrime separately as part of the LookingGlass Suite.
This article was originally written by Drew Robb on July 18, 2017, and updated by Chad Kime on February 10, 2023.