It’s no secret that cybercrime is the most vexing problem facing business today. It’s widespread and insidious, disrupts normal institutional operations, weakens customer confidence and can cause enormous financial losses.
A next-generation firewall (NGFW) can do a good job of blocking advanced malware and other threats to your internal networks, but if you have a large organization and particularly one with a global presence, you’re a prime target at ever-increasing risk of attack. For you, a threat intelligence gateway (TIG) can provide strong benefits in cybersecurity for relatively little cost.
Threat Intelligence Gateway Defined
There are now over 10 million known IP threats worldwide at any given time, all day every day, and that number is only growing as cyber criminals become ever more sophisticated. Even the best firewall can only protect against 300,000 threat indicators at a time, leaving a huge gap in protection and resulting in alert overload and inefficient use of expensive next-generation firewall resources.
A TIG is a piece of technology that sits in front of a business’s firewall and runs at line speeds ahead of it, defending against known threats before they hit. First developed for the U.S. Department of Defense by Bandura Cyber, and hitting the mainstream of enterprise organization security just two years ago, it’s a formidable barrier to the damaging effects of cybercrime.
According to a November 2017 report by S&P 500 research firm Gartner, “TIGs are differentiated and disruptive to alternative solutions because they offer massive on-box indicator scale that is not provided by other existing network security solutions. TIG solutions provide granular policy management specifically for detection and enforcement rules related to TI, TI feeds and TI categories with TI policy exception capabilities.”
Does a TIG Catch Every Threat?
Not quite. A TIG can absorb the 95 percent of threats that are known, but there are still 5 percent of as-yet unknown threats out there. That may not sound like much, but 5 percent of 10 million is 500,000. By catching the 95 percent, though, a TIG clears the way for a firewall to be much more effective in detecting those advanced and unknown threats because it has greatly reduced the noise-to-signal ratio that the firewall is bombarded with.
How Does a TIG Work?
Threat intelligence gateways take in threat intelligence directly without requiring other types of network security infrastructure. A plug-and-play device typically situated between an edge router and the firewall, a TIG filters in both directions, repelling real-time outside attacks on a network as well as stopping data exfiltration attempts.
Can a TIG Be Customized?
Yes. A TIG has a policy management dashboard and tools that allow your IT security staff to configure rule sets to block known threats based upon your own parameters of risk and create company and industry-specific policies that protect against targeted as well as more generalized attacks. And because there’s no reason to leave yourself open to unnecessary risks by accepting traffic from entities or even entire countries with which you don’t conduct business, a TIG can also be set to automatically filter by organization and/or country IP.
Will We Know What’s Hitting Us?
Yes, if you want to. A TIG can be set to filter and then left to do its job, or you can zoom in and find out what kinds of threats have been detected and repelled.
What Size Companies Need a TIG?
While large corporations operating internationally and those in certain high-profile industries are the obvious and most popular targets of massive cyber-attacks, small and medium size businesses can also benefit from the protection a TIG provides. Local and regional banks in particular, as well as other businesses in the financial sector and those with significant internet activity are increasingly looking to employ TIG technology.
Is There Any Reason Not to Have a TIG?
You may feel that your current firewall sufficiently protects your business against cyber threats and you’re not ready to move up to a TIG. If that’s the case, you want to be certain that it checks all the boxes.
A next-generation firewall is actually the third generation of the technology that has been evolving for over 25 years, and a NGFW includes all the functionalities of traditional firewalls like stateful inspection along with the capability to detect attacks with application-level inspection, integrated intrusion prevention and bringing intelligence from outside the firewall.
