400K Augur Predictions Confirmed Each Year
Recent work by our research team surfaced some very interesting stats that put into context why the platform’s predictive intelligence is such an important component of any threat intel program. On average, Augur produced +400K predictions per year that are then confirmed to be malicious by 3rd parties. This is a significant lift for any threat intel program. And those predictions are made 40 days before the first confirmations even in the year a prediction was made. Another key finding is that even six years after a prediction is made there are still a significant number of first confirmations.
Many of these predictions turn out to be IPs used for consumer malware, phishing or other not-so-glamorous threats. But a big part of Augur’s impact is its ability to predict infrastructure associated with novel threats like we did last year with SolarWind, Colonial Pipeline, Log4jShell and a number of others.
To compile these numbers our team looked at predictions made between 2017 and 2019 to see over time how many total IPs would be confirmed by 3rd party intelligence sources and when these predictions were confirmed. Although there is some variability from year to year, even over this three-year run we can see some patterns.
The Value of Predictive Intelligence
Here are a few key observations that speak to the value of these predictions. Of course, this is not the only value our predictive intelligence provides.
- At the top level, every year Augur makes +/-400k predictions that are later confirmed to be malicious. No matter how you look at it, that's a lot.
- On average, over the life of a prediction it will have given Augur users just over 400 days of advanced warning. That is a 400 day head start where we can automate blocking or your team can block a threat before traditional threat intel identifies the threat.
- In the first year of a prediction (which is the busiest for confirmations), Augur provided an average of 40 days warning before 3rd party threat intelligence flagged an IOC as malicious.
- Even in years 4, 5 and 6 of a prediction there are a significant number of confirmations that tells us that cybercriminals continue to use and re-use old infrastructure for a considerable period of time.
Coming Soon - The Power of Association
One of the most powerful features of Augur is its capability to generate and attribute IOCs to Threat Actor Groups. These threat actor groups go beyond the typical APT groups and help identify shared infrastructure being used by multiple groups. Looking at this information and combining it with IOC activity, Augur is able to predict entire ranges and in some cases even entire hosters that should be blocked based on who is using them. We’ll explore some examples in the next post in our Value of Predictive Threat Intelligence series.
Prove It To Me
We get it. These predictions are startling, and you want to know if they are real. If you’re interested in seeing how Augur works and how Augur’s predictive intelligence can improve your zero-day protection and overall security posture, email us at firstname.lastname@example.org.
Proactive Defense for Better Protection
Reactive threat intelligence solutions only protect against documented threats. Augur’s predictive intelligence looks beyond current threats. It leverages machine learning and artificial intelligence to model threat actor behavior - Identifying the build-up of attack infrastructure an average of 51 days before an attack launches. And with a false positive rate of less than 0.01%, you can trust Augur’s predictions - as demonstrated, provide a valuable layer of proactive protection. Our unique predictive threat intel combines with Augur’s enforcement orchestration and automation and rich threat hunting environment to improve protection and streamline SOC operations.
Check Out Augur on our Website
You can learn more about how Augur PDR works here and how it solves real-world security problems here.