SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Threat intelligence gateways minimise work of preventing attacks
Thu, 21st Sep 2017
FYI, this story is more than a year old

Firewalls, intrusion prevention systems and just about every security tool on the market may seek to prevent breaches from happening, but according to Ixia, businesses still miss attacks and suffer breaches every day. The risk of damage in those cases is unlikely to subside unless businesses look into threat intelligence solutions that accompany other tools.

Ixia says that the amount of generated security alerts puts strain on both organisations' security teams and their infrastructure.  A Ponemon Institute study found that security teams at large enterprises will waste more than 20,000 hours every year chasing false positives.

On top of that, 44% of security alerts are never investigated. Ixia says this is a waste of time and money, and also comes with increased risk of falling victim to an actual attack.

Dedicated, high performance threat intelligence solutions are able to help block malicious traffic and relieve the pressure on staff and infrastructure, Ixia claims.

When threat intelligence solutions are deployed alongside existing security solutions, threat intelligence gateways can screen incoming and outgoing traffic based on IP addresses.

Threat intelligence gateways can also detect infected systems to stop connections from botnets, phishing scams and malware.

“Pre-filtering known bad IP addresses and traffic from untrusted sources is a powerful tool in the war against malware. This pre-filtering creates a first line of defence that stops a huge amount of traffic from ever reaching a business's firewall. By pre-filtering, it's possible to see up to 80 per cent fewer SIEM alerts within 24 hours. This eliminates countless hours spent investigating each alert to confirm the business isn't being breached or accidentally blocking legitimate traffic,” comments Ardy Sharifnia, Ixia ANZ general manager.

Threat intelligence gateways reduce the amount of security information and threat management (SIEM) alerts that are generated. Ixia says that when these alerts are reduced to a manageable number, security teams can spend more time investigating each alert to stop threats and improve alert resolution metrics.

According to Ixia, there are four key benefits of threat intelligence gateways:  1.  Immediate reduction in security alerts 2.  Reduced workload for security appliances 3.  Unlimited blocking of IP addresses at line rate speed 4.  Security that is resilient to device failure or offline status

“Exploding traffic volumes and the increasing prevalence of cyberattacks require new strategies for keeping security defences strong. Businesses can offload existing infrastructure with a dedicated gateway appliance that uses real-time threat intelligence to block communications with malicious IP addresses. With less traffic to process, security appliances will issue fewer alerts for staff to investigate and have more capacity to operate efficiently,” Sharifnia concludes.