For organizations trying to improve cyber resilience, security activities and business operations have traditionally sat on a seesaw: security measures are increased to mitigate ever-increasing and complex threats, while business operations must not be disrupted. Organizations that implement a cyber security strategy by creating unrealistic policies risk interrupting business processes and losing customers, partners, staff, or other legitimate sources trying to access their infrastructure.
Early cyber security systems involved employing specialized staff to scour the Internet daily for malicious or potentially dangerous sources, which would be compiled into an IP reputation list (blacklist) that was uploaded to the firewall/IDS/IPS. The effectiveness of blacklisting is limited: rather than deterring hackers, a block alerts them to the fact that their attack has reached a dead end, allowing them to stop in their tracks and come up with a new strategy. Skillful malicious actors also often use ‘disposable’ dial-up connections to constantly change IP addresses and avoid being blocked, making the lifespan of one address just a few hours.
Over $7m in cryptocurrency was stolen in 2019 after a blacklisting system failed to protect a compromised account. So not only will blocking result in customers being wrongly rejected and possibly taking their business to a competitor, but hackers also won’t have a hard time returning and attacking again.
As we move into the 2nd generation of threat intelligence, businesses need to refrain from simply blocking potential threats and consider cyber resilience solutions that do not disrupt the smooth running of business operations. The best way to prevent network infiltration and data exfiltration and allow business processes to continue seamlessly is by shielding against all known threats.
Shielding reduces risk and liability, as well as easing the noise on the back-end security stack, increasing the organization’s security posture and cyber resilience by minimizing risk factors as much as possible. As malicious sources are carefully verified, shielding is highly effective in preventing data infiltration. Bi-directional shielding adds another dimension – preventing data exfiltration to a known malicious source. Since these sources are known, there are few if any false positives and no disruption to the business process.
No business interruption
Centripetal understands the cost of business interruption, which is why we shield, from the outset and throughout, against all known sources of malicious activity. Our threat intelligence solution, CleanINTERNET, forms a virtual shield against “all risk traffic”, before all other events are analyzed proactively by our cyber threat analysts, who deliver their findings to you directly. Centripetal reduces SIEM/firewall alerts by up to 70%, alleviating the burden on your firewall administrators by up to 90% and increasing the efficiency of the security stack.