The Centripetal Blog

Centripetal + ThreatSTOP: Weaponizing Threat Intelligence for the Most Dangerous Threats

Posted by Centripetal Networks Inc. on December 14, 2017

Centripetal has long taken a stance that its not good enough just to HAVE threat intelligence – you need to be able to actually do something with it.

And by actually doing something with it, we leverage key partners we work with to deliver different types of intelligence to customers that might be industry-specific, threat-specific or domain-specific.

The key benefit for any Centripetal customer is that Centripetal delivers the capability to literally distill hundreds of millions of indicators down to specific rules and policies. However, its not possible without the data we get from our partners, especially critical indicators from dynamic providers, but commercial and open source.

We integrate the ThreatSTOP feed in our CleanINTERNET service, our Threat Intelligence Gateway technology. The unique thing about TheatSTOP is there are multiple ways that their intelligence can be applied to preventing highly dangerous and sophisticated attacks, including some of the nastier ransomware viruses like WannaCry that have had a lasting impact on the companies that were hit.

A great example of taking threat ThreatSTOP intelligence and applying very specific policies through their user-defined list (UDL) feature is actually visible in their example with WannaCry. You can read more on the ThreatSTOP blog here.  

The basic idea is sure you can whitelist an IP address or a domain with ThreatSTOP, and then you can apply the necessary policy. In the case of WannaCry, there was a kill switch within the virus, that at a certain point along the way in the attack, a DNS query could be performed to access that switch.

With ThreatSTOP’s capability in the wake of a ransomware attack like this, the domains and the IP addresses can be found by the machines that are detected to be reaching out to access the kill switch. Hence UDL policies are applied to those domains and IP addresses. And that enforcement mechanism is going to be “block.”

In summary, the level of intelligence, and the focus of the intelligence are variable between intelligence providers, and providers who generate intelligence feeds.

The Centripetal platform becomes arguably the biggest force multiplier with comprehensive intelligence that already has built-in policies that are indicators the way see the incoming feed – but that we in turn convert to a similar policy for customers, so that we can enforce (block, allow, shield) on behalf of our customers, so that bad traffic doesn’t hit their network.  

Centripetal and ThreatSTOP are working together to deliver the most up-to-date protection that is intelligence-led for the attacks of tomorrow.

You can learn more about ThreatSTOP on their blog here. You can also learn more about CleanINTERNET here and you can start a free trial here

Tags: Centripetal Networks, ThreatSTOP, Theat Intelligence, WannaCry, Ransomware