Centripetal Networks

 

The Challenge

 

Organizations large and small are struggling with manually processing and responding to threats and alerts to keep up with today's dynamic threat landscape.

 

Threat information is delivered to organizations in varying ways: email, PDF, APIs, JSON, STIX/TAXII, and so on. End users then process the data, in many cases manually, to determine its relevance to the organization. Relevance and timeliness help an organization decide whether it needs to address the threat and take action.

This action phase means creating new rules in the firewall, Snort rules in the IDS, updates to the proxy server, and new rules in the SIEM, and it has to be performed throughout the day, in the evening and on weekends, whenever the latest information is delivered.

Manually processing the data, understanding the reports, and creating the right types of rules for the existing security devices is a time-consuming effort. In large organizations there are often dedicated teams who operate the various security tools; however, in smaller organizations it is often just a few people who have that responsibility. It is no wonder the largest complaint about threat intelligence is the inability to keep up with and take action on the data.

Challenges with this approach:

- Operator intensive
- Inefficient process
- Complex log queries
- Enforcement limits
- Overwhelming datasets
- Multiple standards

The challenge of managing threat intelligence across the enterprise

 

End User Concerns

 

"It takes us 45 minutes on average to take an email alert to a protective action."

Internet Service Provider

"I don't have time to read a 200-page PDF report to understand the latest threats and figure out how to defend against it."

Online Retailer

"I get emails at 4am and have to roll out of bed to get the IP addresses into my firewall."

Regional Bank


QuickThreat® Use Case

 

Automating Machine-Readable Threat Intelligence from Acquisition to Action closes the protection gap.

 

In order to keep up with the volume of intelligence, we must be able to process it dynamically, machine-to-machine. Machine Readable Threat Intelligence (MRTI) is available in multiple formats and at multiple update intervals. Because MRTI can be consumed at the rate it is delivered, analysts are free to focus on other tasks and work more efficiently.

It is also not enough to simply detect advanced threats in your network; by then it may be too late. QuickThreat® turns cyber threat intelligence into protective action on the network. For a majority of the hacking events reported in the news, cyber threat intelligence related to the threat existed in advance. By leveraging this intelligence, organizations are able to block the activity as it happens, rather than react after the fact.

Deploying a QuickThreat® Gateway at the network edge enables a full end-to-end security platform for Acquiring, Aggregating, and Acting on network threats in real-time.
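The acquisition-to-action pipeline described above, reduced to a runnable sketch. This is an added example, not Centripetal's code and not a description of how QuickThreat® works internally: it reads a constructed STIX 2.1 bundle, drops indicators that are expired or revoked (the timeliness check), emits constructed iptables and Snort rule text for the surviving IP and domain observables, and correlates constructed internal flow records against the IP indicators the way the TAP-side host correlation is described. The bundle, flow records, rule formats, SIDs and timestamps are all assumptions made for illustration; the pattern parser handles only simple equality comparisons, not the full STIX pattern grammar.

```python
"""Added example (not Centripetal's code): a minimal acquisition-to-action
pipeline for machine-readable threat intelligence. The STIX 2.1 bundle, flow
records, rule formats and timestamps below are constructed for illustration."""
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle: IP and domain indicators using documentation
# ranges (TEST-NET) and the reserved .invalid TLD. One domain has expired.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.10']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']",
         "valid_from": "2024-01-01T00:00:00Z", "valid_until": "2099-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'c2.example.invalid']",
         "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000005",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'old.example.invalid']",
         "valid_from": "2023-01-01T00:00:00Z", "valid_until": "2023-06-01T00:00:00Z"},
    ],
})

# Constructed "current time" used for the validity check below.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Handles only simple equality comparisons, not the full STIX pattern grammar.
PATTERN_RE = re.compile(r"(ipv4-addr|domain-name):value\s*=\s*'([^']+)'")


def parse_ts(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_observables(bundle_json, now):
    """Return {'ipv4-addr': set, 'domain-name': set} from indicators valid at `now`.
    Timeliness is enforced here: expired or revoked indicators never become rules."""
    found = {"ipv4-addr": set(), "domain-name": set()}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked") or now < parse_ts(obj["valid_from"]):
            continue
        if "valid_until" in obj and now >= parse_ts(obj["valid_until"]):
            continue
        for kind, value in PATTERN_RE.findall(obj["pattern"]):
            found[kind].add(value)
    return found


def dns_content(domain):
    """Encode a domain as DNS wire-format labels in Snort content syntax."""
    return "".join(f"|{len(lbl):02x}|{lbl}" for lbl in domain.split(".")) + "|00|"


def to_rules(observables, base_sid=1000001):
    """Turn observables into iptables drop rules and Snort alert rules (constructed formats)."""
    iptables, snort, sid = [], [], base_sid
    for ip in sorted(observables["ipv4-addr"]):
        iptables.append(f"iptables -A FORWARD -d {ip} -j DROP")
        iptables.append(f"iptables -A FORWARD -s {ip} -j DROP")
        snort.append(f'alert ip $HOME_NET any <> {ip} any '
                     f'(msg:"MRTI indicator {ip}"; sid:{sid}; rev:1;)')
        sid += 1
    for dom in sorted(observables["domain-name"]):
        snort.append(f'alert udp $HOME_NET any -> any 53 (msg:"MRTI domain {dom}"; '
                     f'content:"{dns_content(dom)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    return iptables, snort


def correlate(flows, observables):
    """Map each internal host to the indicator IPs it talked to (TAP-side correlation)."""
    hits = {}
    for flow in flows:
        if flow["dst"] in observables["ipv4-addr"]:
            hits.setdefault(flow["src"], set()).add(flow["dst"])
    return {host: sorted(ips) for host, ips in hits.items()}


# Constructed flow records as an internal TAP might report them.
FLOWS = [
    {"ts": "2025-06-01T04:02:11Z", "src": "10.0.0.5", "dst": "203.0.113.10", "dport": 443},
    {"ts": "2025-06-01T04:02:15Z", "src": "10.0.0.9", "dst": "192.0.2.1", "dport": 443},
    {"ts": "2025-06-01T04:03:40Z", "src": "10.0.0.5", "dst": "198.51.100.8", "dport": 8080},
]

if __name__ == "__main__":
    obs = extract_observables(STIX_BUNDLE, NOW)
    fw, ids = to_rules(obs)
    print("\n".join(fw + ids))
    print(correlate(FLOWS, obs))
```

Two design points carry the weight here: the validity check is applied before any rule is generated, so stale indicators fall out of the feed automatically instead of accumulating in the firewall, and the Snort domain rule encodes the name as DNS wire-format labels rather than matching the dotted string, which would never appear on the wire.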

 

Types of Threats:

- State-sponsored
- Cyber crime
- Hacktivist
- Newly registered domains
- APTs
- Malware

QuickThreat® Subscription automatically updates Intelligence

 

QuickThreat® Gateway Deployment

 

Deploying the QuickThreat Gateway in-line between the Internet edge router and the firewall security stack enables an end-to-end automated intelligence platform.

QuickThreat® Gateway alerts and blocks events in real-time

When deployed in-line, outside the firewall security stack, QuickThreat® Gateway alerts and blocks network traffic in real-time using dynamically updated threat intelligence. Internal TAP infrastructure provides internal network visibility to truly identify the compromised internal host and match that network traffic with traffic leaving the environment.

This provides the most advanced internal host correlation capability available because it pinpoints malicious traffic mapped to unique hosts inside the network.


Business Outcomes

 

Stay up to Date

The latest threat intelligence is dynamically delivered and applied to your QuickThreat® Gateway. Users no longer need to manually process data, and can focus on the human analyst work instead.

Close the Protection Gap

Intelligence is most effective when delivered in a timely manner, enabling rapid response to reduce risk. Machine-to-machine transfer takes a process from hours to seconds, and operates around the clock.

Reduce Costs

Cost savings can be demonstrated in multiple forms: time savings through automation, reduction in incident response and breach resolution costs, and demonstrated value from intelligence teams and threat intelligence subscriptions.