Collective Defense: Security through Community

Related products: Devo Platform
Collective Defense: Security through Community

Cyber attacks continue to increase in complexity and frequency. Talent shortage, excessive amounts of data, and the need for verified threat intelligence prevent security teams from rapidly identifying and responding to emerging threats.

Collective Defense shares high-value insights and threat intelligence with Devo customers. 


Devo Collective Defense is an intelligence program that leverages knowledge of threat activity and shares trends across the Devo user ecosystem. A feature of the Devo Platform, Collective Defense mines alert data and identifies insights, trends, and Indicators of Compromise (IOCs). These insights are then made available to Devo customers via real-time alert aggregations, investigations, and contained threats. 

Collective Defense: 

  • Analyzes customer data securely to find valuable insight, trending threats, and IOCs.
  • Provides insights by aggregating alerts, investigations, and contained threats.
  • Delivers a high-value, real-time feed containing insights to customers.
  • Drives further threat research based on customer results.


How does Collective Defense work? 


Collective Defense:

  • Provides early warnings on emerging threats through threat hunting analysts derived from Devo customer threat activity and trends.
  • Accelerates investigations by providing validated and enriched threat intel to all participating Devo customers.
  • Offers a unique advantage for Devo customers by leveraging Devo’s massive ingestion ability to scale and analyze millions of alerts across hundreds of domains. This data diversity provides a more comprehensive view of the threat landscape, and provides security teams with collective knowledge and insights, augmenting their expertise.


What information does Collective Defense make available?

Take a look:



How can I leverage the information Collective Defense collects?

You can leverage Collective Defense insights by enriching your alerts. Adding Collective Defense to your alerts is easy.  Search the IP address of the threat you are investigating and see if others have tagged it.

For example, add this line to your alert:

select ‘lu/CollectiveDefense’ (entity_sourceIP) as collective_defense


Does Collective Defense benefit Security Operations?

Yes!  The alert benefits are also included in the SecOps application. There is no need to copy/paste and pivot between websites and tabs. This eliminates manual work while providing high-value insights quickly.


Is my data secure?

Devo Collective Defense aggregates alert information only. No sensitive data is ever collected, stored, or shared with others.


How Can I learn more about Collective Defense? 

Contact your CSM to learn more about Collective Defense! Available to all Devo customers, this is a great new feature to take advantage of within Devo.

Be the first to reply!