
Threat intelligence gateways minimise work of preventing attacks

21 Sep 17

Firewalls, intrusion prevention systems and just about every security tool on the market may seek to prevent breaches from happening, but according to Ixia, businesses still miss attacks and suffer breaches every day. The risk of damage in those cases is unlikely to subside unless businesses look into threat intelligence solutions that accompany other tools.

Ixia says that the volume of security alerts generated puts strain on both organisations’ security teams and their infrastructure. A Ponemon Institute study found that security teams at large enterprises will waste more than 20,000 hours every year chasing false positives.

On top of that, 44% of security alerts are never investigated. Ixia says this is a waste of time and money, and also comes with increased risk of falling victim to an actual attack.

Dedicated, high performance threat intelligence solutions are able to help block malicious traffic and relieve the pressure on staff and infrastructure, Ixia claims.

When threat intelligence solutions are deployed alongside existing security solutions, threat intelligence gateways can screen incoming and outgoing traffic based on IP addresses.

Threat intelligence gateways can also detect infected systems to stop connections from botnets, phishing scams and malware.

“Pre-filtering known bad IP addresses and traffic from untrusted sources is a powerful tool in the war against malware. This pre-filtering creates a first line of defence that stops a huge amount of traffic from ever reaching a business’s firewall. By pre-filtering, it’s possible to see up to 80 per cent fewer SIEM alerts within 24 hours. This eliminates countless hours spent investigating each alert to confirm the business isn’t being breached or accidentally blocking legitimate traffic,” comments Ardy Sharifnia, Ixia A/NZ general manager.

Threat intelligence gateways reduce the number of security information and event management (SIEM) alerts that are generated. Ixia says that when these alerts are reduced to a manageable number, security teams can spend more time investigating each alert to stop threats and improve alert resolution metrics.

According to Ixia, there are four key benefits of threat intelligence gateways:

1. Immediate reduction in security alerts
2. Reduced workload for security appliances
3. Unlimited blocking of IP addresses at line rate speed
4. Security that is resilient to device failure or offline status

“Exploding traffic volumes and the increasing prevalence of cyberattacks require new strategies for keeping security defences strong. Businesses can offload existing infrastructure with a dedicated gateway appliance that uses real-time threat intelligence to block communications with malicious IP addresses. With less traffic to process, security appliances will issue fewer alerts for staff to investigate and have more capacity to operate efficiently,” Sharifnia concludes.
