Nozomi Networks is excited to announce a new subscription service in its portfolio this week: a Threat Intelligence Feed that can be used independently of our Guardian and Vantage platforms, with third-party security platforms. The feed can be consumed by any security platform that handles industry-standard Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) threat data, so customers can better leverage and customize cybersecurity data for new applications.
What Is a Threat Intelligence Feed?
According to TechTarget’s WhatIs.com:
A threat intelligence feed (TI feed) is an ongoing stream of data related to potential or current threats to an organization’s security. TI feeds provide information on attacks, including zero-day attacks, malware, botnets and other security threats. TI feeds are vital components of security infrastructure, which help identify and prevent security breaches. Threat Intelligence can be used to implement more granular security policies, as well as to identify potential characteristics or behaviors associated with that threat. Threat intelligence is gathered to help organizations understand emerging threats in the cybersecurity landscape, including zero-day threats, advanced persistent threats and exploits. Threat actors may also include internal and partner threats, but the emphasis is on outside sources that might cause the most damage to a particular organization’s environment.
The new Threat Intelligence Feed is based on the Nozomi Networks Threat Intelligence subscription, which is solely for use in our own Guardian and Vantage products, but the new feed can be used in other security platforms. Threat Feed allows other platforms to leverage Nozomi Networks research and intelligence on recent and emerging threat indicators and how they are spreading. The feed delivers a single, unified source of data, including malicious IP addresses or URLs, new indicators of compromise (IOC) signatures, threat sources, malware hashes, and methods and tactics to gain system access, all of which can serve to accelerate incident response and enhance security operations.
The vision of Nozomi Networks, and what our customers continually ask for, is to do more with the data we observe and collect. This Threat Intelligence Feed gives customers new options for leveraging our data and intelligence for better analysis, security automation, policy enforcement or integration into other tools and dashboards. More flexibility means more security and more ways to apply Nozomi Networks intelligence.
How Can Customers Use the Threat Intelligence Feed?
One initial Nozomi Networks customer is feeding the Nozomi Networks threat data into Azure Sentinel SIEM to identify new IOCs. Then, a Security Orchestration, Automation and Response (SOAR) platform updates Palo Alto Networks’ firewalls with new isolation rules based on the IOCs. In this case, Nozomi Networks’ Guardian platform can further update the SOAR platform with asset information on the potentially compromised system, its security posture, and quarantine status.
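A pipeline like this one has to decide which feed entries are still safe to enforce before they reach a SOAR or firewall step. The Python below is an added example, not Nozomi Networks code; the page does not describe the feed's object layout, so it assumes STIX 2.1 indicator objects with single-comparison patterns, and `active_iocs` and the sample bundle are constructed here.

```python
import json
import re
from datetime import datetime, timezone

def _ind(n, pattern, **extra):  # builds one constructed STIX 2.1 indicator
    return {"type": "indicator", "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2024-01-01T00:00:00Z", **extra}

# Constructed sample bundle: documentation-range addresses, made-up hash and ids.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
        _ind(1, "[ipv4-addr:value = '198.51.100.23']"),
        _ind(2, "[url:value = 'http://bad.example/p']", valid_until="2024-02-01T00:00:00Z"),
        _ind(3, "[file:hashes.'SHA-256' = '" + "AB" * 32 + "']"),
        _ind(4, "[ipv4-addr:value = '203.0.113.9']", revoked=True),
        _ind(5, "[domain-name:value = 'a.example' OR domain-name:value = 'b.example']"),
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000006"},
    ]})

# Assumption: only single-comparison equality patterns are parsed; anything
# richer is reported back for review instead of being guessed at.
_PATTERN = re.compile(r"^\[\s*([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'\s*\]$")
_KINDS = {("ipv4-addr", "value"): "ip", ("url", "value"): "url",
          ("domain-name", "value"): "domain", ("file", "hashes.'SHA-256'"): "sha256"}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def active_iocs(bundle_json, now):
    """Return ({kind: set(values)}, [ids of indicators skipped as unparsed])."""
    iocs = {kind: set() for kind in _KINDS.values()}
    skipped = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if obj.get("revoked") or _ts(obj["valid_from"]) > now:
            continue  # withdrawn by the producer, or not yet valid
        until = obj.get("valid_until")
        if until and _ts(until) <= now:
            continue  # expired: enforcing it would keep a stale block in place
        match = _PATTERN.match(obj.get("pattern", ""))
        kind = _KINDS.get(match.group(1, 2)) if match else None
        if kind is None:
            skipped.append(obj["id"])
            continue
        value = match.group(3)
        iocs[kind].add(value.lower() if kind == "sha256" else value)
    return iocs, skipped

if __name__ == "__main__":
    print(active_iocs(SAMPLE_BUNDLE, datetime(2024, 3, 1, tzinfo=timezone.utc)))
```

The skipped list is what an analyst would review by hand; only the returned sets are candidates for automated enforcement.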
The new Threat Feed is also a solid option for many non-traditional customers outside the industrial control space that have other security environments or automation platforms, or for IT environments beyond the reach of our Guardian install base.
TechTarget’s WhatIs website also describes how business and IT leaders typically leverage threat intelligence feed data:
- Security operations. A threat intelligence program can give security operations teams the ability to identify, disrupt and develop effective strategies for defending against the attacks. Threat intelligence can also help security teams contain attacks that are already underway.
- Incident response. Security analysts use threat intelligence to identify threat actors, their methods and the potential vectors they use to gain access to systems. Armed with this knowledge, security staff can then predict which systems are most at risk and focus their resources on protecting those systems.
- Vulnerability management. Threat intelligence can help security professionals combat threats by providing accurate and timely information on new and emerging threats, vulnerabilities and exploits.
- Risk analysis. Threat intelligence provides contextual data for organizations when evaluating their risk profile. It is especially helpful for those using risk modeling to determine investment priorities.
- Security leadership. Security leaders can benefit from using threat intelligence as a critical resource to assess business and technical risks and communicate those risks to management.
There will be a couple of licensing options for the new feed, including options for coverage of an entire site or a large multi-site enterprise. The Threat Intelligence Feed is compatible with a wide range of security platforms, including Security Information and Event Management (SIEM) tools, next-generation firewalls and endpoint detection and response systems. For more details on specific product support and deployment options, please reach out to your local Nozomi Networks sales team or the Nozomi Networks partner network.