Every once in a while I get time to check out what new security technologies are popping up. Last week at Cisco Live I met the Centripetal Networks team and saw an impressive demo of their RuleGate solution. This post will provide a general overview of what I saw with some screenshots of their offering.
Centripetal Networks' goal is to shorten the time between a threat intelligence source producing data and that data being delivered to a security tool to take action against the threat. Typically this takes a while, as research has to be converted into a feed and a vendor has to import that feed as well as have it impact defenses in some manner. Also, many security solutions are limited in how many checks can be enabled, meaning a well-tuned IPS may have 8-10 thousand checks and, bundled with an application layer firewall, may have 30-40 thousand checks.
Centripetal showed me their approach to these issues by enabling multiple feeds that provide around 5 million checks when fully enabled. Threat feeds come from various open source and enterprise services and can be immediately turned into action, which can be to block the threat, trigger an alarm or generate a PCAP of the incident. The next screenshot shows the dashboard presenting a ton of feeds, including the highlighted Cisco AMP ThreatGrid feed. Note the enterprise feeds are not managed by Centripetal, so they must be purchased from the feed provider.