Threat Intelligence: Past performance does not indicate future results

Written by: Francesco Trama | Published on: May 9th, 2017

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Most investors have seen the disclaimer, “Past performance is not indicative of future results.” Network security professionals should keep the same caution in mind when considering threat intelligence as a foundational element of a security strategy. The threat landscape changes rapidly, which makes the value of historical threat intelligence alone in predicting cyber attacks uncertain, and the attacker’s advantages can seem endless.

In his recent article, Threat Intelligence in the Age of Cyber Warfare, Eli Ben Meir emphasizes that one of the first steps in an effective cybersecurity strategy is to “determine exactly who constitutes an enemy in cyberspace.”

Integrated threat management strategies built around a firewall or Next Generation Firewall (NGFW) fed by threat intelligence can prevent some attacks, but they face several challenges, most notably:

  • It is difficult to keep firewall rules updated against real-time threats
  • The number of rules a firewall can accommodate is limited
  • There is frequently a delay in gathering, processing and distributing new threat intelligence
  • Firewall penalties are not punitive enough: once a scan is dropped, attackers frequently just initiate a new scan

While anonymous attackers have many advantages, today’s network administrators have unique advantages of their own when it comes to proactive network defense.

The Answer: Advanced Perimeter Defense

The administrator’s advantage is intimate knowledge of the network(s). Weaving that knowledge into perimeter defense planning makes it easier to define who the enemy of your specific network is, based on activity at the network edge.

Advanced Perimeter Defense (APD) combines the administrator’s proficiency with three key elements of perimeter defense software:

  • Advanced IP Filtering
  • Threat Intelligence
  • Analytics

Deploying APD software in front of the firewall, teamed with a threat intelligence framework, provides stronger network protection and proactive defense. Moreover, threat actors can be identified through real-time behavioral pattern recognition at the network edge.

APD software lets the network administrator create precise access rules for high-value IPs. These access rules can be port-specific and bi-directional, keyed to the company, country or network an IP belongs to. Furthermore, decoy ports and traps can be set with time-based and rate-specific triggers.

Once an IP violates any of these access rules, harsh penalties can be imposed and the edge intelligence is recorded immediately. This approach strengthens overall network security while improving the performance of other essential security solutions such as the firewall, NGFW, Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Security Information and Event Manager (SIEM).
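As an added illustration (not PacketViper’s code, which this post does not show), the following Python models the behaviour described above and the “penalties are not punitive enough” point from the earlier list: access rules are port-specific and direction-specific and can be keyed to a country or a source network; decoy ports and a rate trap catch scanning; and an IP that violates a rule receives a penalty that doubles with each strike, so a host that simply starts a new scan after being dropped is locked out for longer each time. The Attempt and Rule shapes, the GeoIP country field, the decoy port list and the penalty schedule are assumptions made for the example, and the traffic is constructed sample input.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Deque, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Attempt:
    """One connection attempt seen at the edge (constructed sample input)."""
    ts: float         # seconds since an arbitrary epoch
    src_ip: str       # source address of the attempt
    dst_port: int
    direction: str    # "inbound" or "outbound"
    country: str      # ISO code of the remote peer, from a hypothetical GeoIP lookup


@dataclass
class Rule:
    """Port-specific, direction-specific access rule (hypothetical rule format)."""
    name: str
    action: str                           # "allow" or "deny"
    direction: str                        # "inbound", "outbound" or "any"
    ports: Optional[Set[int]] = None      # None = any port
    countries: Optional[Set[str]] = None  # None = any country
    networks: Optional[List[str]] = None  # CIDRs the source must fall in; None = any

    def matches(self, a: Attempt) -> bool:
        if self.direction not in ("any", a.direction):
            return False
        if self.ports is not None and a.dst_port not in self.ports:
            return False
        if self.countries is not None and a.country not in self.countries:
            return False
        if self.networks is not None:
            ip = ip_address(a.src_ip)
            if not any(ip in ip_network(n) for n in self.networks):
                return False
        return True


class EdgeEngine:
    """First-match rule evaluation with decoy ports, a rate trap and penalties
    that double with every strike. Assumed design, not a vendor implementation."""

    def __init__(self, rules: List[Rule], decoy_ports: Set[int], rate_limit: int = 10,
                 rate_window: float = 60.0, base_penalty: float = 600.0,
                 default_action: str = "deny"):
        self.rules = rules
        self.decoy_ports = set(decoy_ports)
        self.rate_limit = rate_limit          # attempts allowed per window per IP
        self.rate_window = rate_window        # seconds
        self.base_penalty = base_penalty      # seconds for the first strike
        self.default_action = default_action  # applied when no rule matches
        self.history: Dict[str, Deque[float]] = defaultdict(deque)
        self.strikes: Dict[str, int] = defaultdict(int)
        self.blocked_until: Dict[str, float] = {}
        self.log: List[Tuple[float, str, str, str]] = []  # recorded edge intelligence

    def _penalize(self, ip: str, now: float, reason: str) -> float:
        self.strikes[ip] += 1
        n = self.strikes[ip]
        duration = self.base_penalty * 2 ** (n - 1)  # 10 min, 20 min, 40 min, ...
        self.blocked_until[ip] = now + duration
        self.log.append((now, ip, "penalty", f"{reason}; strike {n}; blocked {duration:.0f}s"))
        return duration

    def evaluate(self, a: Attempt) -> Tuple[str, str]:
        ip = a.src_ip
        until = self.blocked_until.get(ip)
        if until is not None and a.ts < until:
            return "drop", "penalty in effect"
        if a.direction == "inbound" and a.dst_port in self.decoy_ports:
            # Nothing legitimate listens on a decoy port: touching one is scanning.
            self._penalize(ip, a.ts, f"decoy port {a.dst_port}")
            return "drop", f"decoy port {a.dst_port}"
        hist = self.history[ip]
        hist.append(a.ts)
        while hist and a.ts - hist[0] > self.rate_window:
            hist.popleft()
        if len(hist) > self.rate_limit:
            # Rate trap: too many attempts in the window, even to allowed ports.
            hist.clear()
            self._penalize(ip, a.ts, "rate trap")
            return "drop", "rate trap"
        for rule in self.rules:
            if rule.matches(a):
                if rule.action == "deny":
                    self._penalize(ip, a.ts, rule.name)  # explicit violation
                    return "drop", rule.name
                self.log.append((a.ts, ip, "allow", rule.name))
                return "allow", rule.name
        # No rule matched: default deny drops silently without a strike.
        if self.default_action == "allow":
            return "allow", "default"
        return "drop", "no matching rule"


if __name__ == "__main__":
    rules = [Rule("web-in", "allow", "inbound", ports={80, 443}),
             Rule("vpn-partner", "allow", "inbound", ports={1194}, networks=["198.51.100.0/24"]),
             Rule("geo-deny-out", "deny", "outbound", countries={"XX"})]
    engine = EdgeEngine(rules, decoy_ports={23, 3389, 5900})
    for t, port in ((0, 443), (1, 3389), (2, 443), (700, 443), (701, 23)):
        print(t, port, engine.evaluate(Attempt(t, "203.0.113.5", port, "inbound", "ZZ")))
    for entry in engine.log:
        print(entry)
```

The ordering matters: the penalty check runs before anything else, so a penalized host gets no rule evaluation and no new history entry; decoy ports are checked before the rate trap so a single probe of a trap port is enough to earn a strike; and only an explicit deny rule counts as a violation, while traffic that simply matches nothing is dropped without a strike so that ordinary background noise does not fill the penalty table.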

PacketViper provides the leading Advanced Perimeter Defense software, alleviating up to 70% of downstream security load, avoiding disruptive “rip and replace” approaches, and mitigating security risk.