Democratizing Security Intelligence with Forcepoint Dynamic Intelligence Manager

Let's look at the cool features!
Dynamic Inteligence Manager was built with modern organizations in mind: it does the job automatically, with minimal resources, in a completely transparent way and with the ability to scale without the usual mix of updates and upgrades.

First of all, DIM runs on any docker host (with just 2GB RAM and 2 vCPU) taking installation complexity out of the equation. The docker image is provided free of charge, with no registration necessary and it's only 70 MB in size! If you were to use it 24x7 for an entire year on AWS (using an EC2 micro instance) the TCO would only be around $50.

All modules are installed using the UI of DIM itself: you click on the 'Marketplace' tab and click to install the module. In a few instants a container for the module is deployed and the module is available for configuration: after that the module is ready to go and will keep working at recurring intervals as set by the user. Anytime Forcepoint creates new modules, they show up automatically in the Marketplace: you don't need to go through updates and upgrade to add new functionalities.

But did I not mention how DIM is developer friendly? Developers can build custom modules simply following the public DIM documentation. DIM is language agnostic and modules can be written in any language as long as they abide to the API contracts. All modules developed by Forcepoint are written in Go or Python, due to ease of development, performance and reusability and then built into docker images for portability.

Organizations with extremely tight security policies might want to look under the hood before running a new tool in their infrastructure. No problem! Source code of all modules used by DIM is publicly available inside Forcepoint's GitHub and can be inspected before DIM is deployed. Furthermore, DIM is licensed with an Apache 2.0 license, which allows developers to build on top of our work. More importantly: there is no tracking or telemetry in place so your intelligence and the use you make of it stays private.

Last, if you have been using something similar in the past, you might have witnessed false positives triggered by automated tools that went a bit too far. DIM comes with a Safelist feature which enables users to define known safe elements (e.g. your corporate domains, public IPs of your workloads and resources across geographical locations) and elements in the Safelist will be filtered out before the export takes place, so that no downward product will ever receive false positives.

What's Next
Forcepoint is actively developing Dynamic Intelligence Manager, so that new intelligence types and modules can be available to users to further enhance their intelligence vault built on DIM. For example, we are working to ingest, store and export SNORT signatures and SHA256 file hashes with the same ease of use currently available for all other intelligence types.

In the meantime, if you want to learn more and try Dynamic Intelligence Manager in your organization, use the following links: