There is increasing awareness that threat intelligence is a vital part of security. But having knowledge and leveraging it to protect your environment effectively are not the same thing.
If only it were as simple as buying a list of IP addresses and domain names to blacklist. Threat intelligence is not just information; it is actionable information. It derives from data accessed and gathered from a variety of sources and then contextualized by either third-party experts or your internal security team.
For many organizations, the multitude of sources for threat intelligence stops at underground forums on the deep web and blacklists. Smart cyber security providers, however, know there is another powerful source of information – their own customers. In the case of Armor, we take intelligence gleaned from our client base and feed it back into Spartan, our threat prevention and response platform designed specifically to defend cloud workloads and hybrid environments, to bolster our defenses.
This approach means that with each new client we protect, Spartan can potentially learn even more about the global threat landscape. By protecting 1,000s of clients and processing more than 100 billion events a month, the platform turns each client into a force multiplier for the rest. Having visibility into what is happening to clients in different industries and various implementations of technology offers Armor the ability to learn what types of attacks are occurring, what worked in response and what didn’t. This information can then be used to better prepare others to avoid the attack altogether, or identify any tactics or tools that could already be causing damage to their environment.
From a threat-sharing perspective, this approach generates community-powered insights that enable clients to see and learn from what their industry peers are doing. This is extremely valuable, as attacks that impact one business are liable to hit others in the same industry.
Armor Complete and Armor Anywhere both benefit from this closed-loop system that learns how to combat threats and uses the new information gathered by Spartan and Armor’s Threat Resistance Unit (TRU) researchers. By aggregating, analyzing and implementing threat intelligence from 50-plus global sources, Armor identifies risks and threats before they’re active.
Threat intelligence curated from Armor’s IP as well as public and private sectors is used to create tailored blacklists and policies. Data packets that enter the environment can then be inspected against those policies and blocked if they are identified as malicious.
Just as cloud adds agility to business operations, this approach adds agility to cyber security – allowing organizations to quickly benefit from the intelligence developed from other clients. Without the ability to integrate this intelligence back into their security defenses, organizations cannot update those defenses fast enough to keep up with the pace of cyber-threats.
The endgame is to extend security from one environment to another at the speed of cloud. This strategy makes the whole greater than the sum of the individual parts and ensures that effective intelligence for one becomes effective threat intelligence for all.