Ransomware has become the largest cyber threat. When you see a title that says “NotPetya Costs Merck, FedEx, Maersk $800M” it grabs your attention.
All companies are looking at ways to bolster ransomware defenses. While there’s no silver bullet using Cyber Threat Intelligence (CTI) can significantly mitigate ransomware risk. The challenge with CTI is that it can be difficult to acquire, manage, and operationalize.
The emergence of Threat Intelligence Gateway (TIG) technology like our PoliWall® TIG™ eliminates these enabling you to consume and take action with CTI in an easy, scalable, and automated way.
Let’s look at how organizations are using PoliWall to mitigate ransomware risk.
Reducing the Ransomware Attack Surface with GEO-IP Filtering
PoliWall contains country IP information for every country. Like IPs in general, country IPs are dynamic and constantly changing. PoliWall ensures that country IPs are always up to date. When it comes to deploying GEO-IP filtering policies, this is easily done with the click of a map.
Don’t do business with Russia or China, well then there’s probably no need for traffic from these countries to be on your network. By deploying GEO-IP filtering in and easy, automated, and scalable way, organizations are significantly reducing their attack surface and exposure to ransomware risk.
GEO-IP filtering is not a new concept but what’s new with PoliWall TIG is a much simpler and easier way to operationalize it vs. the traditional approach of firewall rules and access control lists (ACLs). We are seeing significant interest from organizations using PoliWall TIG to consolidate and reduce the management burden of GEO-IP blocking efforts.
Use Cyber Threat Intelligence to Block Known Threats
While GEO-IP filtering is an excellent way to reduce your ransomware attack surface, applying Cyber Threat Intelligence (CTI) can help further mitigate this risk. The good news is there is a significant amount of actionable CTI that exists.
The bad news is: (1) your existing network security controls like firewalls only give you a limited subset of CTI because they weren’t built to handle the massive volume of indicators required to protect today’s networks; and (2) while there is a significant amount of CTI available many companies lack the resources to fully use and apply it effectively. If you are one of the lucky few that are, then you’re probably facing challenges managing and operationalizing it.
ALERT! ALERT! GREAT NEWS!
PoliWall TIG eliminates these issues. PoliWall TIG gives you access to CTI at the scale you need to protect yourself AND it enables you to operationalize it in a simple and automated way. #Winning!
PoliWall TIG comes out-of-the-box with approximately 10 million CTI indicators (IPs and domains) across 17 threat categories including botnets, command and control, Tor/anonymizers to name a few. PoliWall can easily integrate with additional threat feeds and can filter traffic against over 100,000,000 indicators with virtually no latency. This compares to the 100,000 indicators most firewalls can process before significant performance issues kick in.
Not only do you get significantly more CTI with a PoliWall, it’s is also significantly easier to manage than using firewall rules and ACLs. Policies are easily configured through an intuitive interface.
Want to block Botnets? Check!
Want to adjust your risk threshold for Command & Control? Slide!
CTI in PoliWall is dynamically updated in near real time and policies automatically applied eliminating the operational burden of firewall rules and ACL management and improving your security posture.
Ransomware risk is a fact of life. While there’s no silver bullets to 100% prevent ransomware, by applying GEO-IP filtering and Cyber Threat Intelligence you can significantly mitigate your risk. Our PoliWall TIG enables you to apply GEO-IP and threat indicator-based network protection at the scale you need in a simple and automated way.
Get your TIG on!