Sure, just any old threat feed will do. Like those one-size-fits-all “I Heart NY” shirts in Times Square. Just like Chipotle without guac (if you’re obsessed with both Chipotle and guac, like me) or Caesar salad with no… dressing. Laverne without Shirley, Biden without Ray-Bans, or maybe the internet without a politically topical meme. I’m going somewhere with this…. I promise.
There are tons of threat feeds out there. There are also more than a handful of companies selling them. But, have you ever thought about where are the sources coming from? Are they actually blocking threats in real-time, or just telling giving you a nudge after you’ve been breached? If you’re a financial firm, should you be purchasing the same thread feed service as a retail brand? Every company has unique, specific pain points when it comes to security and the type of threats they should be focusing on. Essentially, the solution is different for everyone. There are some critical questions you might not be asking, but we’re here to help.
So, what exactly is a real-time, curated threat intelligence feed? How is it different from a regular threat feed?
A threat feed is an ongoing, flowing stream of data that’s related to current cyber threats. The thing is, it relates to data and not actual threat intelligence. Plus, it’s pretty generic. A feed can tell you what threats are out there, but what’s the point of admiring the problem when you can’t block it? And, how do you know which ones you should block?
A true real-time, curated threat intelligence feed delivers it into your DNS Server, making it a DNS Firewall. This let’s your network actually block threats as they’re coming in, tailored to your business’ specific security needs. And the alternative? Finding out you’ve been breached, but having to wait (on average) 150 days to figure out what actually happened after an investigation. You can find the bad IPs within a couple days with network logs, but it’s just a reactive detection tool. Not great if you’re head of security.
Here’s some important things you need to know about ThreatSTOP’s curated threat intelligence feed:
No Manual Updates: Save that poor person (or team) from having to manually update your feed with new threats from different sources. It’s pretty much impossible and seriously labor intensive. Even when they can update the feed, there’s no stopping them from hacking your network anyways.
One Size Doesn’t Fit All: Every attack profile is different. The risks aren’t the same, so the mitigation shouldn’t be either. If you’re a CIO in the healthcare industry, your focus should be on exfiltrating data and how it’s going to be used for blackmail. If you’re the head of a financial firm, the attacks are geared towards the inbound compromise of your system. Hackers want to manipulate your system, transfer money and take control from a remote place.
Reporting Based on Context that Actually Matters: Your reports and analytics need to mean something to you and your organization, giving actionable insight that evolves your existing network protection plan.
Maybe my initial analogies make sense now? Essentially, you can pay a lot of money for network security, but you might be shooting yourself (and your colleagues) in the foot if it’s only a reactive monitoring tool. Not to toot our own horns or anything (toot toot), but we did identify Heartbleed before it happened.
For more information on how ThreatSTOP’s IP and DNS Firewall Services can protect your network, visit our website and sign up for a free trial here.