Real-time Attention to Real Threats

CleanINTERNET® is an intelligence-powered security solution using high performance computing technology, patented software algorithms and uniquely skilled security analysts to deliver a robust alternative protection strategy at significantly lower cost. CleanINTERNET presents an alternative approach to cybersecurity, putting threat intelligence at the forefront, moving from reactive to proactive defense, and helping security teams be more efficient and effective.

The first step in deployment of CleanINTERNET is deployment of our RuleGATE®.  This is installed at your network edge between the ISP and the firewall.  This only takes as long as the time for you to rack, power and cable the RuleGATE. While this varies, it typically takes less than 45 minutes.  It is installed with zero impact on your network traffic.  It is set up with an external management port as well as a network tap which provides visibility of network traffic inside the firewall.  Once activated, the RuleGATE will be registered and visible to the CleanINTERNET service, monitoring and shielding traffic according to the implemented policy. It will highlight traffic to be assessed and evaluated by our Security Operations team.

• Scale. To leverage all available data for indicators of compromise (IOCs) it requires far more processing power than is technologically possible. Firewalls can handle less than 1% of currently available high fidelity intelligence. Our Threat Intelligence Gateway, the RuleGate®, employs thousands of feeds constituting billions of risk normalized IOCs.
• Dynamics. The power of intelligence is keeping up with the real-time threat environment. This means aggregating, deduplicating and validating millions of IOCs every day as they emerge in real-time. Centripetal’s intelligence continuously updates with no loss of service or protection.
• Context. Intelligence operations are not blunt blacklisting, context matters. This means every in-network action must also collect extensive meta-data to make risk-based analysis possible. As events are observed, Centripetal builds a meta-data record for every event capturing all observable risk factors in the traffic and pairing them with risk factors in the intelligence. We then record the full transaction for later forensics and correlate session and flow information. Our systems score and process all of the collected events in real time using artificial intelligence technologies and then dynamically alert our human intelligence operations analysts.

An Intrusion Detection System (IDS) uses signature-based detection to identify malware on the wire. It can trigger a security incident and can be an important indicator of an attack in progress.  An Intrusion Protection System (IPS) sits inline in the network and can block the attack at point of ingress.  However, most IPS systems are not sufficiently powered to be able to handle a full network load without introducing latency. 

CleanINTERNET uses IDS functionality to perform a secondary inspection on traffic deemed suspicious, but not necessarily shielded initially.  This can be used to provide immediate feedback to the user and to intelligence analysts, indicating that the traffic is in fact malicious and should be shielded.  Immediate changes to the policy can then be applied.

Managed Detection and Response (MDR) is principally a forensic activity that happens after a high risk event has already occurred. The power of threat intelligence is being able to act before an event happens. CleanINTERNET is a proactive approach that leverages  intelligence to proactively prevent high risk events. As more threats are prevented, the downstream burden on every tool, process, and human is reduced –  optimizing people, process and posture.

Many enterprises are wisely choosing to outsource their security monitoring and response needs to specialist security service providers.  It is not feasible for many smaller companies to build up the skill sets, tools, and processes required to implement a comprehensive cybersecurity defense. CleanINTERNET® can implement or augment a Managed Security Service Provider (MSSP) capability for small and medium enterprises, acting as the Security Operations Center (SOC) or working alongside customer or partner IT resources – driving targeted remediation and risk reduction.

Threat Intelligence Gateways provide blocking of known threats at the network perimeter based on reputation.  CleanINTERNET’s RuleGATE provides TIG functionality, but it is important to recognize the unique capabilities of Centripetal’s Threat Intelligence interpretation and processing. This includes the massive processing capability of the RuleGATE hardware and software, and the additional oversight and guidance provided by Centripetal’s Intelligence Operations Analysts.  As a managed service, CleanINTERNET combines intelligence, technology, processes and skills together to redefine the category of Threat Intelligence Gateways.

A typical threat intelligence platform ingests information from one or more providers, usually open source or a proprietary source, and provides tools to sort and search the data. These are used by SOC analysts as a tool to aid in the threat hunting process. 

CleanINTERNET aggregates the widest set of sources of threat intelligence, consolidating them into an unmatched high-fidelity feed of threat intelligence that is used to power the CIeanINTERNET Threat Intelligence Gateway, the RuleGate. CleanINTERNET® operationalizes and automates this superset of threat intelligence unique to the industry.

Network Detection and Response (NDR) is an increasingly popular technology fitting into the XDR category, focused on gathering information about behavior in the network.  EDR focuses on Endpoints, and NDR on the network traffic between all entities.  These tools typically feed  into an SIEM which is used to correlate these events, interpret the behavior, and aid the threat analyst in identifying malicious traffic.  This process is both data heavy and dependent on advanced skill sets. While the largest enterprises are seeing value in this technology, it is less clear that it is applicable across organizations of all sizes. 

Ultimately, an NDR is a luxury that most enterprises will see limited value in. An alternative approach is to eliminate or significantly reduce the malicious traffic entering the network in the first place. By implementing a secure first line of defense using CleanINTERNET, you will see reduced resourcing requirements in threat hunting and security operations. 

Typically, a Cyber Asset Attack Surface Management tool catalogs and monitors all assets in the enterprise, minimizes the attack surface, and gives the adversary as little information about the security posture of the business as possible. Because CleanINTERNET shields the network from reconnaissance traffic from known bad actors, it also reduces the visible attack surface, effectively hiding the assets from adversaries.

We do not rely on or take out any personally identifiable information from your network. The information we act on is publicly available addressing information that is already visible on the internet. If an event warrants payload analysis through internal packet capture (PCAP) collection, that information is contained within your network and is not accessible to us without your consent. This is a common concern and thus we’ve designed our systems and services explicitly to preserve privacy.