Blog

How to Automate & Block Cyber Threats from Existing Security Controls

09.05.2019

There is no silver bullet for network security. Security professionals know that truly protecting their network and its assets requires three things:

1. First, security should be approached as a practice and a discipline.

2. Second, there is no single solution for protecting the entirety of an organization’s networks.

3. Third, the products deployed to secure today’s highly disparate networks should work together in an automated and integrated fashion.

However, with the amount of solutions available, this is no easy task. At ThreatBlockr, we understand that providing our customers with a market leading threat intelligence solution is not enough. This is why the ThreatBlockr Threat Intelligence Gateway (TIG) was built with automation and integration as a critical component of its DNA.

Harness the Power of Automated Integration Utilizing the ThreatBlockr REACT™ Capability

ThreatBlockr TIG is an open platform that easily integrates with other security solutions by delivering automated blocking of IPs from other security devices. The ThreatBlockr REACT™ capability enables ThreatBlockr TIG to automatically ingest malicious IPs from other security systems including SIEMs, Security Orchestration Automation & Response (SOAR) solutions, NGFWs, IPS, endpoint, and other security controls.

ThreatBlockr TIG with other security controls, enabling automated and semi-automated blocking of malicious IPs detected by these systems. Once configured, organizations can also manually add entries to REACT™ utilizing the ThreatBlockr Global Management Center (GMC). REACT™ enables organizations to:

  • Integrate alerts from other devices within their security stack (SIEM, FW, IPS, physical security solutions)
  • Configure and manage threat feed actions, such as configuring Time-To-Life values (i.e. 24 hrs/1 week/forever)
  • Enjoy greater control of their threat feeds, including false positive mitigation and tuning of the REACT™ threat list, utilizing the easy to use, single-pane-of-glass Global Management Center (GMC)

How to Access the ThreatBlockr TIG REACT™ Capability

  1. ThreatBlockr Support Center to schedule a call with one of our ThreatBlockr Support team engineers (See Below)
  2. The ThreatBlockr Support team will work with your IT Security team to build a customized script for the devices within your network from which you would like to enable integration
  3. Identify a server within your network that will ingest alerts and, using the customized script provided, parse to the ThreatBlockr GMC
  4. Utilize the ThreatBlockr GMC to fine tune and customize the REACT™ integrated threat feed

Broader View and Greater Protection Utilizing Integration and Automation

The ThreatBlockr TIG and its REACT™ capabilities enables automation and integration of both next-generation and legacy security device threat intelligence within your network, thereby maximizing the value of existing security investments, reducing staff overload, and strengthening your edge defenses.

To start utilizing the ThreatBlockr TIG REACT™ functionality within your network, contact the ThreatBlockr Support Team today via email at support@threatblockr.com, or by opening a request via the ThreatBlockr Support Center, here: https://helpdesk.threatblockr.com/hc/en-us/requests/new

Want to Try a ThreatBlockr Threat Intelligence Gateway Risk-Free for 30 days?

Simply click here for a free trial of our powerful, purpose-built threat intelligence gateway.