Gathering threat intelligence is one thing, but being able to actually act on it in a meaningful way is quite another.
In a move that promises to make threat intelligence software more useful, this week at the Check Point Experience 2014 conference, Check Point Software Technologies announced ThreatCloud IntelliStore, an online marketplace through which customers can gain access to threat intelligence services from iSIGHT, CrowdStrike, IID, NetClean, PhishLabs, SenseCy and ThreatGRID.
Alon Kantor, vice president of business development for Check Point, says that in addition to threat intelligence, as the provider of IT security firewalls and gateways, Check Point is making it possible to access any of the threat security feeds available via the ThreatCloud Intellistore.
Beyond simply making that information available, Kantor says Check Point is distinguishing itself by allowing customers to automate the process of applying policies to Check Point enforcement gateways based on the latest threat intelligence. In effect, Kantor says that Check Point is creating an ecosystem around an open application programming interface (API) for threat intelligence that forewarns customers of potential threats in a way that they can more easily act on.
When it comes to threat intelligence, there appears to be something of an arms race going on. In fact, just this week Cisco announced that it is acquiring ThreatGRID. But as interesting as all that security intelligence might be, it is only valuable within the context of the process that automates the remediation of the vulnerabilities identified. Otherwise, IT organizations are essentially powerless to defend themselves, because it’s only a matter of time before their manual processes are overwhelmed by the volume of potential threats.