Centripetal Networks

 

A fully integrated, cyber threat intelligence driven, network defense solution for your network, datacenter, and private cloud.

Dynamic Threat Intelligence

 

Advanced Cyber Threat (ACT)®
An intelligence service that synchronizes critical data feeds from threat intelligence vendors and communities, including open source, then normalizes and delivers that intelligence to RuleGATE.

High Performance Gateway

 

RuleGATE®
Gateway devices deploy at the enterprise network perimeter and alert/block using cyber security policies based on threat intelligence. RuleGATE can handle the volume of ALL of the relevant sources of threat intelligence.

Visibility Dashboard

 

QuickTHREAT Analytics Manager®
Visualizes a host of threat-intelligence-based activity and provides instantaneous internal host correlation, simplifying the process of identifying compromised systems in even the largest of organizations.


"Knowledge about adversaries and their motivations, intentions, and methods." - iSIGHT Partners

 

Command and Control

Malware

Threat Actors

 

Threat intelligence, in its most basic form, is Indicators of Compromise (IoCs), such as an IP address associated with command and control infrastructure, malicious phishing domain names, or URL paths to download malware.

 

Reporting and context inform and relate this information in a meaningful way. Who is behind this attack? What are they looking for? Why are they coming after me? Threat intelligence provides relevant context to organizations to prioritize and defend against the changing threat landscape.

 

Commercial Intelligence

Industry & Community Intelligence

Threat Intelligence Platforms

Enterprise Security


 

By requiring heavy integration everywhere.

 

 


The challenge of managing threat intelligence across the enterprise

Manually processing the data, understanding the reports, and creating the types of rules for the existing security devices is a time-consuming effort. It's no wonder the largest complaint about threat intelligence is the inability to keep up and take action on the data.

 

Challenges with this approach:

  • Operator Intensive
  • Complex Log Queries
  • Overwhelming Datasets
  • Inefficient Process
  • Enforcement Limits
  • Multiple Standards

 

 

By keeping up to date dynamically.

 


Automatically apply Machine Readable Threat Intelligence (MRTI) in your network

It's not enough to detect advanced threats in your network. By then, it's too late. Centripetal turns cyber threat intelligence into protective action on the network. For a majority of the hacking events reported in the news, cyber threat intelligence related to the threat was available in advance. By leveraging this intelligence, we are able to block this activity in the moment, rather than react to it.

 

To keep up with the volume of intelligence, we must be able to do so dynamically, machine-to-machine. Machine Readable Threat Intelligence (MRTI) is available in various kinds of formats and update intervals. By automating the effort to keep up with the data, analysts are able to focus on the important tasks and improve their efficiency.

 

Types of Threats:

  • State-Sponsored
  • Hacktivist
  • APTs
  • Cyber Crime
  • Newly Registered Domains
  • Malware

 

By addressing the large information challenges.

 


Approximately 3-5K malicious domains are registered every day

Approximately 130K new domains are registered every day, of which analysts estimate 3-5K are for malicious activities. Keeping up to date with that growing list of malicious domains is a monumental task, but with threat intelligence feeds, the data can be updated across the infrastructure in real-time, dynamically protecting against these malicious attack sources.

 

Organizations are already seeing results by enabling feeds specifically to deal with newly registered domains. Just preventing access to domains that are only 1 week old requires approximately 1,000,000 Domain Name Indicators. These indicators are updated dynamically every night as these domains are registered. Blocking this network activity significantly reduces risk.

 

By leveraging the threat analyst community.

 


Thousands of analysts in your defense

Threat intelligence is currently being produced from the work of thousands of cybersecurity analysts around the globe. From commercially available to open source, the IoCs, i.e., IP addresses, ports/protocol, domain names, URLs to malicious content, are being reported, with context.

 

IoC types supported:

  • IP Addresses
  • CIDRs
  • IP 5-Tuple
  • Domains
  • Hostnames
  • URLs/URIs

 

By closing the gap from discovery to protection.

 


Threat intelligence indicators are updated across QuickThreat® Gateways within seconds

As cyber analysts produce reports and evaluate new malware, or track a threat actor's changing infrastructure, this information becomes extremely valuable. Often, the challenge lies in getting the information distributed to the organizations that need to be aware of the threats. The time from discovery and sharing of threat intelligence to application in the network's defense is reduced to seconds.

 

 

Gartner defines 3 key stages for an effective threat intelligence strategy: Acquire, Aggregate, Action.

 


Threat Intelligence Technology Strategy

Gartner provides a roadmap for a security strategy leveraging Threat Intelligence. In that strategy, products and services map to 3 key areas: Acquire, Aggregate, and Action.

3 Keys to a Threat Intelligence Strategy

  • Acquire - While Centripetal does not directly provide researched threat intelligence, the QuickThreat Platform connects organizations to over 40 sources of threat intelligence: Open Source, Community/Industry, and Commercial.
  • Aggregate - Centripetal's Threat Intelligence Gateway leverages an aggregation technology that collects, normalizes, and updates Threat Intelligence from a variety of sources, at update intervals critical to maintaining relevance.
  • Action - Centripetal's Threat Intelligence Gateway was designed from the ground up to scale to the demands of even the largest network environments. A single appliance is capable of supporting networks and datacenters of all sizes, blocking malicious traffic at an unmatched scale.

 

 

A dedicated platform that simplifies the collection, management, and action of threat intelligence in network defense.

 


Protect your network using Threat Intelligence

QuickThreat® is a Threat Intelligence Gateway (TIG) with real-time attack visualization and analytics. TIGs protect networks from a variety of cyber threats including hacktivists, cyber criminals and hostile nations, as well as campaigns involving malware, spam, phishing, and scanning. QuickThreat intelligence policies are fully automated with Centripetal’s threat intelligence subscription service.

Requirements of a Threat Intelligence Gateway (TIG):

  • Consume Threat Intelligence Directly
  • Provide Options for Policy Management
  • Operationalize Threat Intelligence

 

 

Achieve unparalleled performance from a purpose-built appliance.

 


QuickThreat Gateways handle 125x more indicators than the most powerful Next-Generation Firewall (NGFW) available

Current firewall devices provide several functions in a single device. Perimeter defense, remote access (VPN), and application layer network inspection are common functions of the traditional firewall. When all of these functions are combined in a single solution, a performance tradeoff is reached that reduces network throughput. Additionally, firewall devices that enable threat intelligence are generally restricted in indicator count due to a limit of 10-20K bi-directional rules (40K Total).

 

QuickThreat Gateways currently support over 5 million indicators at full network performance, up to 10Gb/s in a single device, with no degradation at full capacity. This increase in capability, without complexity, means valuable intelligence does not have to be aged out in order to keep up with the latest threats dynamically.

 

 

We provide real-time enforcement and enrich your SIEM.

 


QuickThreat sends events to the SIEM with applied threat intelligence context in real-time

QuickThreat Gateways output event logs to most SIEM devices in Common Event Format (CEF) with threat intelligence context at the moment of the event. This significantly reduces time to discovery, often from months to seconds, and also helps burdened security analysts prioritize their efforts, increasing the security effectiveness of the organization.

 

 

No. It's a one-day deployment.

 

Security Stack Integration

Flexible Configurations

Standard Rack Installation

 

Typical network deployments usually take only a single day to install, configure, and analyze network traffic. QuickThreat Gateways are most effective when installed at each Internet-facing link, outside the firewall security stack. Due to the performance of QuickThreat Gateways, often 1 or 2 devices can support an entire datacenter or corporate headquarters. Additional deployment use cases are available; please contact us for more information.

 

 

By deploying the QuickThreat Gateway between the Internet edge router and the firewall security stack.

 


QuickThreat® alerts and blocks events in real-time

 

When deployed in-line, outside the firewall security stack, QuickThreat® Gateways alert and block network traffic in real-time using dynamically updated threat intelligence. Internal TAP infrastructure provides internal network visibility to truly identify the compromised internal host and match that network traffic with traffic leaving the environment. This provides the most advanced data correlation capability available to pinpoint malicious traffic without compromise.

 

 

