
How to Make DomainTools’ Threat Intelligence Actionable in a Threat Intelligence Firewall Solution

New and Emerging Security Solutions

The Next Generation Firewall (NGFW) solution is still a tried and true technology as a first line of network defense to keep bad actors out for many organizations, as this technology inspects incoming traffic at the application layer. But as threats have evolved and increased in volume, a new technology has emerged to work in tandem with the firewall, the Threat Intelligence Firewall.

A Threat Intelligence Firewall can lighten the load on the NGFW and proactively block known badness before it even reaches the NGFW, without affecting network performance. While a Threat Intelligence Firewall solution reduces the traffic to the NGFW, it also enables the firewall to concentrate CPU cycles on scrutinizing the more complicated and elusive attack types that require more attention. But if Threat Intelligence Firewalls can block known badness, how can they get ahead of emerging threats and block the unknown? The answer is by ingesting threat intelligence and making it actionable.

Leveraging Predictive Threat Data within a Threat Intelligence Firewall

The dynamic and continually evolving nature of cyber threats can be cumbersome and overwhelming for an organization’s security technologies and teams. However, even with all the data available, without a means to prioritize and take action, organizations are still left vulnerable. The key to success is assessing the risk, aggregating, integrating, and taking action on threat intelligence.

The Power of Domain and DNS Infrastructure Intelligence 

Domain-based threats continue to be a significant attack vector for cyber criminals launching phishing, malware, spam, and other attacks. DomainTools analyzes massive volumes of various data (e.g., domain infrastructure, registration, and the domain name itself) and turns this data into infrastructure intelligence that can be leveraged within various technologies such as a firewall, TIG, TIP, SIEM, or SOAR.

Realtime, Real World Threats – COVID-19

A few months ago, organizations were seeing an increase in nation-state threats, and though those probably haven’t stopped, today there is a large focus on COVID-19 related threats. Arming NetOps and SecOps professionals with predictive threat intelligence is imperative to bolstering cyber defenses and reducing the risk associated with these dynamic threats.

How DomainTools & Bandura Cyber Help You Take Decisive Action on Threat Intelligence

DomainTools provides predictive threat intelligence and Bandura Cyber’s Threat Intelligence Firewall platform provides the mechanism to make this threat intelligence actionable to increase protection for customers.


PB&J – How the Two Work Together  

  • A critical component of the Bandura Cyber Platform is threat intelligence. That is why Bandura Cyber partners with leading threat intelligence providers like DomainTools, to deliver “out of the box” threat intelligence that increases threat protection for our customers.
  • DomainTools Risk Score predicts how likely a domain is to be malicious, often before it is weaponized. This can close the window of vulnerability between the time a malicious domain is registered, and when it is observed and reported causing harm. Domain Risk Score analyzes a domain’s association to known-bad infrastructure, as well as intrinsic properties of the domain that closely resemble those of known phishing, malware, and spam domains.
  • One of the threat intel feeds Bandura Cyber provides within the solution is a Malicious Domain Blacklist that is powered by threat intelligence from DomainTools. Specifically, this is an automated, dynamic blocklist that includes domains with a DomainTools Risk Score of 99 and higher. These are domains that have a high probability of being weaponized for use in phishing, malware, spam, and other attacks.
  • The Bandura Cyber Threat Intelligence Firewall platform makes this threat intelligence actionable by blocking known bad traffic before it hits the network.

Why Organizations Can’t Do This With Just a Firewall  

The size of the DomainTools/Bandura Cyber Malicious Domain Blacklist is typically 22+ million domain indicators at any moment. Trying to integrate a third-party threat intel feed of this magnitude into a next-generation firewall is next to impossible. This is because many firewalls have significant limitations on the volume of third-party threat intelligence they can integrate. Bandura Cyber’s Threat Intelligence Firewall platform can handle up to 150 million unique IP and domain indicators at line speed.

The Next Level: DomainTools and Bandura Cyber Join Forces in this Educational Webinar

Together, DomainTools and Bandura Cyber are enabling our customers to make threat intelligence actionable at a scale beyond that of traditional network security controls like next-generation firewalls.

Check out our educational webinar, where our security experts will explore:

  • How DomainTools creates actionable domain threat intelligence;
  • How predictive domain risk scoring can help organizations block malicious domains before they are operationalized;
  • How the Bandura Cyber Threat Intelligence Firewall platform makes DomainTools cyber threat intelligence actionable by blocking known bad traffic before it hits the network; and
  • A look at how DomainTools and Bandura Cyber joined forces to mitigate COVID-19 related threats