Story image

Threat intelligence gateways minimise work of preventing attacks

21 Sep 17

Firewalls, intrusion prevention systems and just about every security tool on the market may seek to prevent breaches from happening, but according to Ixia, businesses still miss attacks and suffer breaches every day. The risk of damage in those cases is unlikely to subside unless businesses look into threat intelligence solutions that accompany other tools.

Ixia says that the amount of generated security alerts puts strain on both organisations’ security teams and their infrastructure.  A Ponemon Institute study found that security teams at large enterprises will waste more than 20,000 hours every year chasing false positives.

On top of that, 44% of security alerts are never investigated. Ixia says this is a waste of time and money, and also comes with increased risk of falling victim to an actual attack.

Dedicated, high performance threat intelligence solutions are able to help block malicious traffic and relieve the pressure on staff and infrastructure, Ixia claims.

When threat intelligence solutions are deployed alongside existing security solutions, threat intelligence gateways can screen incoming and outgoing traffic based on IP addresses.

Threat intelligence gateways can also detect infected systems to stop connections from botnets, phishing scams and malware.

“Pre-filtering known bad IP addresses and traffic from untrusted sources is a powerful tool in the war against malware. This pre-filtering creates a first line of defence that stops a huge amount of traffic from ever reaching a business’s firewall. By pre-filtering, it’s possible to see up to 80 per cent fewer SIEM alerts within 24 hours. This eliminates countless hours spent investigating each alert to confirm the business isn’t being breached or accidentally blocking legitimate traffic,” comments Ardy Sharifnia, Ixia A/NZ general manager.

Threat intelligence gateways reduce the amount of security information and threat management (SIEM) alerts that are generated. Ixia says that when these alerts are reduced to a manageable number, security teams can spend more time investigating each alert to stop threats and improve alert resolution metrics.

According to Ixia, there are four key benefits of threat intelligence gateways: 
1.  Immediate reduction in security alerts
2.  Reduced workload for security appliances
3.  Unlimited blocking of IP addresses at line rate speed
4.  Security that is resilient to device failure or offline status

“Exploding traffic volumes and the increasing prevalence of cyberattacks require new strategies for keeping security defences strong. Businesses can offload existing infrastructure with a dedicated gateway appliance that uses real-time threat intelligence to block communications with malicious IP addresses. With less traffic to process, security appliances will issue fewer alerts for staff to investigate and have more capacity to operate efficiently,” Sharifnia concludes.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.