Blog

The Threat Intelligence Challenges with Firewalls

08.04.2020

In our recent whitepaper, The Threat Intelligence Challenges with Next-Generation Firewalls, we provided real world data from firewall vendors illustrating the limitations firewalls have integrating third-party threat intelligence. One example we highlighted was the IP address limits of Palo Alto Networks’ External Block Lists, which range from 50,000 to 150,000 IPs. To put this in perspective, there are approximately 4.3 billion IPv4 addresses.

In this blog, we’re going to highlight these real world customer examples and show how the ThreatBlockr platform is helping our customers overcome these challenges.

Customer Example #1 – Health Insurance Provider

Our first example is a health insurance provider. They were actively using threat intelligence feeds and Anomali’s ThreatStream Threat Intelligence Platform to aggregate, manage, and analyze the threat intelligence data. To conduct network enforcement (a fancy way of saying proactive blocking using threat intelligence), they had built a homegrown system using their routers and Borderless Gateway Protocol (BGP) peering. They experienced issues with their homegrown system that caused them to look for an alternative, more turnkey solution for threat intelligence blocking. For context, this particular customer had deployed next-generation firewalls from Palo Alto Networks. However, because of the previously mentioned limitations, they were unable to use threat intelligence to block at the scale required for their security needs.

As a qualified AIG CyberEdge customer (and by way of our partnership with AIG), this customer was able to receive a complimentary 1Gb ThreatBlockr appliance and subscription. Once deployed into their network, they were able to use threat intelligence to block in a more automated and scalable way than could be done using their previous homegrown system or using their Palo Alto Networks next-gen firewalls. What’s more, they were able to block up to 150 million IP and domain indicators.. far exceeding the capabilities of next-gen firewalls. They shared with us that it was easy to integrate threat intelligence from Anomali ThreatStream into our platform. 

Since their initial deployment, the customer has deployed multiple, additional ThreatBlockrs, including our recently launched 10 Gbps solution, to protect multiple locations.

Customer Example #2 – Global Law Firm

Our second example is a global law firm that recently selected the ThreatBlockr  platform for threat intelligence blocking. This customer was also an active user of threat intelligence and was using threat intelligence from IntSights, along with the IntSights Threat Intelligence Platform to aggregate, manage, and analyze the threat intelligence. 

The primary challenge this customer faced was “inherent limitations in how much threat intelligence they could put in their firewall.” Similar to our first customer example, the law firm had also deployed Palo Alto Networks’ next-generation firewalls throughout their networks. However, because of system limitations, the customer had to constantly rotate threat indicators in and out of their blocklists, resulting in their “not being able to carry them for a long enough time to provide enough protection.” 

The law firm decided to evaluate the ThreatBlockr platform, and thereby validated the platform’s ability to block using threat intelligence in a more scalable and automated way – than could be done with its next-generation firewalls, as well as our ability to easily integrate with IntSights. The law firm also noted the ability to take a reactive security concept (i.e. threat indicators/indicators of compromise) and make it more proactive by blocking threats at the edge before it hits their network, as an added benefit. 

To date, the law firm is in the midst of a global deployment of our platform.

Conclusion

While data from firewall vendors clearly dictates threat intelligence limitations with next-generation firewalls, the reality is that actual customer use case examples provide more powerful validation. These examples clearly illustrate both the threat intelligence challenges facing next generation firewalls, as well as show the ability of our platform to help organizations overcome these challenges. Our ThreaBlockr is not only enabling companies to make threat intelligence actionable in a more scalable and automated way, but it’s also enabling them to use threat intelligence more proactively to protect their networks.

Want to learn more?