Every once in a while I get time to check out what new security technologies are popping up. Last week at Cisco Live I met the Centripetal Networks team and saw an impressive demo of their RuleGate solution. This post will provide a general overview of what I saw with some screenshots of their offering.
Centripetal Networks' goal is to shorten the time between a threat intelligence source producing data and that data being delivered to a security tool that can take action against the threat. Typically this takes a while, because research has to be converted into a feed, and a vendor has to import that feed and have it impact defenses in some manner. Also, many security solutions are limited in how many checks can be enabled: a well-tuned IPS may have 8-10 thousand checks, and bundled with an application layer firewall it may have 30-40 thousand checks.
Threat intelligence feeds – like firewalls and virus protection – have become part of the core tools, a necessity, for most security teams. However, constant alarms and alerts make it difficult to find time for anything else.
For those charged with the job of sorting through the alarms, there are several steps that can immediately reduce the number of alerts and make it possible to optimize the data based on relevant threat intelligence.