When small and medium-sized enterprises hear the words “threat intelligence,” they typically have one of two reactions. The first reaction goes something like, “My existing security solution (like my next-generation firewall) already provides threat intelligence.” The second reaction tends to be something like…“Thank you but threat intelligence is beyond my means.”
In our recent blog, No…Your Firewall Doesn’t Do “THIS”, we addressed the first reaction. We highlighted the fact that firewalls use proprietary threat intelligence to detect and block threats. We shared that while this intelligence has value, it is still insufficient protection because it provides too narrow a view of the threat landscape.
Why Some People Think Threat Intelligence is Beyond Their Means
In this blog, we’re going to focus on the second reaction:
“Thank you but threat intelligence is beyond my means.”
Just so you know, we hear this a lot. Usually it’s because:
- Most small and medium-sized companies face budget and staff constraints: a small team wearing many hats.
- There is a perception that threat intelligence is expensive to acquire and requires significant resources (tools, people, more $$) to manage and operationalize (this is a fancy way of saying, “using it in your security practice”).
The reality is that each of these perceptions contains both fact and fiction. Let’s break them down and separate the threat intelligence myths from the threat intelligence truths:
Threat intelligence data doesn’t have to be expensive. Acquiring threat intelligence data can be an expensive endeavor, particularly when it comes to commercial threat feeds. However, this does not mean that all threat intelligence is expensive. There are plenty of sources of threat intelligence that organizations can access affordably. These include open source threat intelligence feeds and industry- and government-sourced intelligence. Additionally, there are high-quality commercial threat intelligence feeds that organizations can acquire without “breaking the bank.”
Managing threat feeds doesn’t have to be hard or resource intensive. Accessing threat intelligence from multiple sources, in an affordable way, is great, but what about all the resources and costs required to manage and maintain it? The short answer is this: threat intelligence has evolved. You don’t need to spend a lot of money on tools to manage it. You don’t need a large security staff to manage it. There are threat intelligence solutions that are easy to deploy, highly automated (equals easy to manage), and affordable.
Making threat intelligence actionable doesn’t have to require a herculean effort. The final, most critical aspect of threat intelligence is putting it to use. How do you integrate threat intelligence into your security practice so that it is able to detect and block threats? There is no doubt that integrating third-party threat intelligence into your existing security environment can be challenging. In fact, we discuss this in our whitepaper The Threat Intelligence Challenges with Next Generation Firewalls. However, as we also discuss in that paper, there is a simple, powerful way: the ThreatBlockr platform.
How ThreatBlockr Makes Threat Intelligence Actionable
We here at ThreatBlockr see small and midsized organizations adopt threat intelligence-driven protection on a daily basis. Our ThreatBlockr platform enables them to use threat intelligence in an easy, turnkey, and cost-effective way. When deployed in their networks, the ThreatBlockr platform:
- Provides “out of the box” access to 30 million IP and domain threat intelligence indicators from multiple sources including commercial, open source, industry, and government sources;
- Easily integrates IP and domain threat intelligence from any source, whether that be a cool open source threat feed, a custom denied (block) list, and/or indicators from a SIEM;
- Makes threat intelligence actionable in an easy and automated way with the ability to block up to 150 million IP and domain indicators;
- Is easy to deploy and highly automated so it doesn’t require an army of security staff to operate;
- Not only strengthens your network security by blocking more threats but also improves the effectiveness and efficiency of your next-generation firewall, helping you drive more ROI from your existing investments.