It’s time to take a different approach to utilizing threat intelligence

Written by: Don Gray | Published on: September 25th, 2018

About The Author

Don Gray, CTO

Don Gray is responsible for the continued development of the PacketViper technology roadmap, harnessing his extensive experience in cybersecurity software strategy and technology development. Previously, Don contributed to blogs and threat intelligence reports for NTT Security (formerly Solutionary).

Threat intelligence has gotten a lot of attention in the last few years. What is it? Who understands it? Is it actionable? Consider, too, the substantial investment security organizations make to create such a perishable good, and that actually using it to protect a network can be complicated. Don’t forget the numerous reports about threat intelligence, some of which I’ve helped create, which detail the mind-boggling number of threats.

I believe one of the biggest opportunities for security teams today is to find a way to reduce the operational burden and cost of security by utilizing threat intelligence. The PacketViper philosophy matches that opportunity by eliminating unwanted, or uninvited, traffic in your network. Your business doesn’t want it, so why should you have to:

  • Transmit it on your networks
  • Store it in your logging facilities
  • Process it with your network and security devices
  • Analyze it with your valuable security personnel.

There’s a different approach:  Drop it at the edge.

Use a disruptive technology

The PacketViper solution generates threat intelligence based on the actual traffic directed through it. By combining deception techniques with filtering capabilities, customers receive a dynamic cyber-defense capability that results in intelligence being generated and applied at network speed. It’s not about a threat to someone else’s network in some other part of the world; it’s about what’s happening right now to your network.

By using deception and moving the blocking of attackers earlier in the cyber kill chain, we stop them in the reconnaissance phase and never give them an opportunity to establish a foothold in your network.

The result is that this dynamic cyber-defense acts as a force multiplier for all the other investments you made in security:

  • Your networks and network devices don’t process as much traffic.
  • Your storage needs are reduced substantially.
  • Your NG Firewalls, IDS, and IPS devices generate fewer false-positive results.
  • Your analysts can focus on true threats with less noise.

I’m excited about cybersecurity again and look forward to making PacketViper even more of a disruptive tool for our clients.