If you don’t know what a Threat Intelligence Gateway (TIG) is, and you are in the cybersecurity industry, you should. It’s a new class of solutions that closes a substantial gap between actually leveraging threat intelligence for real-time defense and network security.
New and emerging. Next-generation. Revolutionary. All with machine learning and artificial intelligence and a major league enhancement to detection and response. Right? So enter all the buzzwords here, I suppose…
Yes and no. Yes, the tech is new. And based on its powerful capabilities, the market is on the cusp of getting hot. And yes, because Centripetal’s TIG technology integrates both machine learning into its algorithms and AI to further analyze, correlate and slice and dice existing threat intelligence to get faster results across hundreds of millions of indicators.
Threat Intelligence Gateway Market | Validated.
So you know I am not just throwing FUD at you – the TIG market is garnering attention across the analyst community, primarily because of the potential disruption it represents.
First, ESG Global’s Jon Oltsik just authored an interesting blog in CSO on what’s to come in 2018 for Advanced Prevention…not Advanced Detection! Everything we have heard in the past 18 months has centered around enhancing detection and improving response.
The reality is that if teams can prevent 90% or more of threats, and use intelligence to do it with a TIG platform, why not remove the need for detecting more threats from the analyst’s workload? If some new technology delivers moderately better detection, it just means more hunting and investigation work for everyone in the SOC. And it’s not what they need.
His position is that the major hurdle this new class of solutions removes is the labor-intensive process of scoring and blocking at scale. As for firewalls, his position is that they don’t work for this use case “…Because they are incapable of tracking/blocking the volumes of threats that purpose-built threat intelligence gateways can.”
There you go. Firewalls cannot scale to handle the available threat intelligence for prevention purposes.
Gartner’s Lawrence Pingree just released an Emerging Technology Analysis report on the Threat Intelligence Gateway market, highlighting the technology drivers, use cases and key capabilities that end-users should consider in evaluating this class of solutions. His blog and his perspective on why this market has emerged are interesting.
What’s exciting is that this report establishes that Threat Intelligence Gateways (TIGs) can be categorized as their own emerging market. Gartner is the first of any analyst firm to effectively capture the fundamental need for TIG technology.
According to Pingree in his blog, TIG technology is essential to “improve prevention capabilities based on shared infrastructure intelligence, delivering a new method of moving beyond our existing capabilities in order to have more granular, intelligence-lead traffic control.” Leveraging threat intelligence for intelligent network filtering – out in front of the firewall. This is the power of this technology.
Taking massive batches (hundreds of millions) of IOCs (indicators of compromise) and filtering them down to complex rules and rulesets (5-7 million with Centripetal) to enforce on (block, shield, mirror) is certainly one of the major accomplishments for Centripetal.
But then being able to refine enforcement based on deeper, more granular filtering, pcap and policy mapping makes this technology an essential and dynamic component of any network filtering activity.
Going beyond traditional network security enforcement capabilities is necessary to automate preventative controls for today’s security analysts. There is no longer any reason that firewalls and IPS systems should be the de facto platform for enforcing on IOCs, and Centripetal is ready to prove it. Game on!