Security Operations teams are dealing with an ever-growing set of challenges. There are the everyday security events to process, and there is the drive to hunt for the latest advanced threat that has not yet been discovered. Both of these tasks require manpower and time. Threat Intelligence can address this issue: it provides insight on a large volume and wide range of threats. Organizations must apply this intelligence (both internal and external) to reduce their threat surface.
Large-scale intelligence is highly dynamic, as an individual Indicator of Attack (IOA) may be relevant for only a short time. It is critical to put this information into action quickly, and to take it out of action once it is no longer a valid threat.
Finally, in dealing with large-scale dynamic intelligence sets, organizations need a plan to handle the millions of indicators available at a given time without reducing the performance of their network or increasing the complexity of the deployment. High-end NGFWs support only 10-40K rules, so leveraging these devices for Threat Intelligence allows for only smaller, more focused policies.
"30% of our email system performance is wasted simply rejecting mail from known malicious sources."
"It takes months to fully identify and eliminate a threat in our network even when all our existing tools tell us about it."
"Our systems are constantly being re-evaluated to meet the growing scale of today's threats."
Internet Service Provider
Threat Intelligence provides a significant advantage for categorizing and prioritizing network security events. Large volumes of highly dynamic intelligence can significantly reduce the number of network security events end users have to deal with.
By applying geo-based policies that carry low risk to the business, organizations often eliminate as much as 30% of malicious network traffic. Eliminating this traffic at the Gateway reduces the need for downstream devices to process it, speeding up performance and extending the life of those investments. Additionally, security teams are given more time to focus on the remaining threats in their environment.
Once organizations have a handle on the effects of blocking this traffic at the Gateway and reducing these threats in their networks, they continue to tighten controls. Using large-scale policies to dynamically track items like scanners, Command and Control infrastructure, and unauthorized Remote Access tools, organizations further reduce risk, and higher-risk, advanced threats rise to the surface.
In this example, QuickThreat has halved the volume of malicious traffic from known threats, raising the visibility of Advanced Persistent Threat and Nation-State events. QuickThreat can further reduce threats by expanding the policy to include more trusted intelligence sources.
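As an added illustration (example code, not part of this page or of the QuickThreat product) of the indicator lifecycle described above and of a gateway policy that applies the cheap geo check before the indicator lookup: a hash-backed indicator store with per-entry expiry, so entries go into action on ingest and drop out on their own once their window closes, run over a constructed feed and connection events. The feed names, TTLs, addresses and the XX country code are assumptions.

```python
import heapq

class IndicatorStore:
    """Hash-set store: O(1) lookup at millions of entries; each indicator carries its own expiry."""
    def __init__(self):
        self._active = {}  # indicator -> (expires_at, source)
        self._expiry = []  # min-heap of (expires_at, indicator)
    def ingest(self, feed, now):
        """feed: iterable of (indicator, ttl_seconds, source); a re-sighting extends the window."""
        for ioc, ttl, source in feed:
            expires = now + ttl
            current = self._active.get(ioc)
            if current is None or expires > current[0]:
                self._active[ioc] = (expires, source)
                heapq.heappush(self._expiry, (expires, ioc))
    def expire(self, now):
        """Retire every indicator whose window has closed; returns how many were removed."""
        removed = 0
        while self._expiry and self._expiry[0][0] <= now:
            expires, ioc = heapq.heappop(self._expiry)
            current = self._active.get(ioc)
            if current is not None and current[0] == expires:  # skip superseded heap entries
                del self._active[ioc]
                removed += 1
        return removed
    def match(self, ioc, now):
        """Return the feed that supplied an active indicator, or None if unknown or expired."""
        current = self._active.get(ioc)
        return None if current is None or current[0] <= now else current[1]

def gateway_verdicts(store, events, geo_block):
    """Cheapest check first: geo policy, then indicator lookup. events: (ts, src_ip, country)."""
    verdicts = []
    for ts, src, country in events:
        store.expire(ts)
        if country in geo_block:
            verdicts.append((src, "geo-block"))
        elif (source := store.match(src, ts)) is not None:
            verdicts.append((src, "ioc-block:" + source))
        else:
            verdicts.append((src, "allow"))
    return verdicts

def demo():
    """Constructed feed and events (RFC 5737 documentation addresses, placeholder country code XX)."""
    store = IndicatorStore()
    store.ingest([("198.51.100.7", 3600, "scanner-feed"), ("203.0.113.9", 600, "c2-feed")], now=0)
    events = [(10, "198.51.100.7", "US"), (20, "192.0.2.1", "XX"),       # indicator hit; geo hit
              (700, "203.0.113.9", "DE"), (700, "198.51.100.7", "US")]  # c2 expired at 600; scanner active
    return gateway_verdicts(store, events, geo_block={"XX"})
```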