What is Omnisense?
Omnisense is an ecosystem of hardcore internet sensors and scanners that are gathering information on the internet itself, at scale and around the clock. Partially funded under the IARPA CAUSE program, it produces truly massive volumes of data, within which we’ve found some really interesting and valuable signals that can be integrated into a security model to help protect your network. When combined with machine learning and data analysis, the Omnisense data stream can foretell the onset of several classes of malicious and suspicious cyber events, potentially days ahead of when they reach your network. The Omnisense ecosystem components are described in more detail below.
JScan, as the name indicates, is our set of scanners that are actively collecting data via rapid deep scans across the internet on publically connected devices. For a given host, JScan generates an in-depth host profile which includes all the software being run on the host, any domain names associated with the IP address, and a security threat score based on the host profile and observed activity. Our scans create a really great list of known hosts that we can reference whenever we see malicious or suspicious traffic on one of our sensors.
Corona is a set of highly sophisticated, globally distributed adaptive honeypot sensors that monitor the “background radiation” of the internet. Malware botnets, brute force attacks, scanners, and many other activities are a normal part of the broad internet. Our sensor network captures these traffic patterns in real time and uses it to identify the early onset of cyber events. Armed with this advance notice, security teams can proactively block IPs or tailor SIEM and firewall rules before an attack happens.
The Omnisense data and analytics are available via API and a web front end. All the data is searchable, and our API supports correlating and cross-referencing data sets, such as internal pcaps or logs from other tools.
We know some enterprise policies might make using our awesome API difficult, so we also generate a daily report that can easily be ingested into your existing security workflow. These reports contain detailed information on every malicious or suspicious host we’ve observed in the Omnisense ecosystem over the past customizable time scale (e.g. day, week), including the host profile and its most recent and historical activity. The daily reports can also contain alerts for new cyber events that your security team can be on the lookout for.