We’ve all had that experience.  You’re walking down the street with a colleague or in your car on a call and you hear the sound.  The jackhammer.  It’s loud, unrelenting, and candidly freaking annoying.

Sounds a lot like the environment we face in security with the unrelenting volume of firewall and SIEM alerts.  Doesn’t it make your head want to explode?

The Firewall Threat Intelligence Scale Problem

It’s widely known that cybersecurity has a scale problem – threats, alerts, and a scarcity of security staff.

What’s less well known, but becoming better known every day, is the scale problem that exists with traditional network security controls like firewalls.  Specifically, it’s the firewall’s limited ability to consume and process the massive volume of Threat Intelligence (TI) indicators that are required to protect today’s networks.

Firewalls simply weren’t architected to handle the exploding volume of threat indicators (IPs and domains) that exist today.

To put this in perspective, at any moment there are over 10,000,000 known threats, but most firewalls can only handle a few hundred thousand indicators before significant performance issues kick in.  This isn’t our opinion. It’s a fact we’re hearing from customers and leading industry analysts.

Firewall TI Limitations Create Security Coverage Gaps & Alert Overload

The TI limitations of firewalls force you to either (1) operate with a limited subset of threat intelligence or (2) pay for an expensive firewall horsepower upgrade to handle threat indicator processing.  That translates into either accepting security coverage gaps or spending unnecessary funds on an expensive firewall upgrade to attempt to mitigate the issue.  As a leading industry analyst said to us, “if a customer has a 10 Gb network connection it doesn’t make economic sense to upgrade to a 25 Gb firewall in order to use more threat intelligence.”  The result is that many organizations are operating with security coverage gaps that contribute to the alert noise from firewalls and SIEM systems.

Take your TI to 11!

“This is the top to, uh, you know, what we use on stage, but it’s very, very special because, if you can see, the numbers all go to eleven. Look…, right across the board. Eleven, eleven, eleven and then…”

- Nigel – Spinal Tap

There’s a significant amount of actionable TI that organizations can use to eliminate security coverage gaps and reduce the alert overload issue.  The issue with TI is that in the past only large organizations had the resources to Acquire, Aggregate, Automate, and Act on TI.

(In fact, I just now came up with future blog posts as I’d like to walk you through each of the 4 A’s of TI!)

Well, I’m here to tell you that those days are in the rear view mirror.  There’s a new generation of network security technology called Threat Intelligence Gateways (TIGs) that brings the power of TI to companies of all sizes.  TIGs also alleviate the firewall TI scale problem.

Our PoliWall® TIG™ solution was purpose-built to use TI indicators to detect and block known threats ahead of the firewall.  PoliWall TIG comes out of the box with over 10 million threat intelligence indicators across 17 categories, country IPs, and organization IPs (based on Autonomous System Number).  PoliWall TIG can filter traffic against over 100 million unique threat indicators.

PoliWall provides enterprise-grade TI-driven protection in a turnkey solution that is easy to deploy and operate.  With PoliWall, we are democratizing TI, enabling companies of all sizes to Access, Aggregate, Automate, and Act on TI.

The result is not only an improved security posture, but you will also reduce that ear ringing by dramatically reducing alerts from your firewall and SIEM systems.

Conclusion

PoliWall TIG is enabling organizations to amp up their use of Threat Intelligence and tamp down the deafening alert noise security staffs are dealing with.  Our customers are seeing multiple benefits including:

  • Reduced risk through attack surface reduction
  • Significant decreases in alert volumes from firewall and SIEM systems
  • Increased staff productivity driven by a reduction in manual firewall log reviews and in the burden of updating firewall rules and access control lists
  • Significant improvements in the performance of firewalls, in some cases alleviating the need for expensive firewall upgrades
  • Increased ROI on threat intelligence investments, including SIEM investments, by being able to act with TI

For more information on PoliWall TIG check out our data sheet.  We’re also happy to provide you a demo and/or a free 30-day evaluation of PoliWall.

So, take your TI to 11

Get your TIG On!