Story image

Threat intelligence gateways minimise work of preventing attacks

21 Sep 2017

Firewalls, intrusion prevention systems and just about every security tool on the market may seek to prevent breaches from happening, but according to Ixia, businesses still miss attacks and suffer breaches every day. The risk of damage in those cases is unlikely to subside unless businesses look into threat intelligence solutions that accompany other tools.

Ixia says that the amount of generated security alerts puts strain on both organisations’ security teams and their infrastructure.  A Ponemon Institute study found that security teams at large enterprises will waste more than 20,000 hours every year chasing false positives.

On top of that, 44% of security alerts are never investigated. Ixia says this is a waste of time and money, and also comes with increased risk of falling victim to an actual attack.

Dedicated, high performance threat intelligence solutions are able to help block malicious traffic and relieve the pressure on staff and infrastructure, Ixia claims.

When threat intelligence solutions are deployed alongside existing security solutions, threat intelligence gateways can screen incoming and outgoing traffic based on IP addresses.

Threat intelligence gateways can also detect infected systems to stop connections from botnets, phishing scams and malware.

“Pre-filtering known bad IP addresses and traffic from untrusted sources is a powerful tool in the war against malware. This pre-filtering creates a first line of defence that stops a huge amount of traffic from ever reaching a business’s firewall. By pre-filtering, it’s possible to see up to 80 per cent fewer SIEM alerts within 24 hours. This eliminates countless hours spent investigating each alert to confirm the business isn’t being breached or accidentally blocking legitimate traffic,” comments Ardy Sharifnia, Ixia A/NZ general manager.

Threat intelligence gateways reduce the amount of security information and threat management (SIEM) alerts that are generated. Ixia says that when these alerts are reduced to a manageable number, security teams can spend more time investigating each alert to stop threats and improve alert resolution metrics.

According to Ixia, there are four key benefits of threat intelligence gateways:  1.  Immediate reduction in security alerts 2.  Reduced workload for security appliances 3.  Unlimited blocking of IP addresses at line rate speed 4.  Security that is resilient to device failure or offline status

“Exploding traffic volumes and the increasing prevalence of cyberattacks require new strategies for keeping security defences strong. Businesses can offload existing infrastructure with a dedicated gateway appliance that uses real-time threat intelligence to block communications with malicious IP addresses. With less traffic to process, security appliances will issue fewer alerts for staff to investigate and have more capacity to operate efficiently,” Sharifnia concludes.

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."