For most companies, security and IT systems are growing in complexity, breadth of scope, and coverage, which consumes budget and staff time. The rapid breakdown of the traditional perimeter in this “new normal” world increases the challenges IT teams and remote users face on a daily basis.
In light of new, cloud-driven requirements to support remote users and applications, IT teams are undergoing a transformation to build out their new security strategy while maintaining many of their existing investments. The difficulties compound when it comes to leveraging old and new portions of the security stack to respond in a timely manner to the wide array of new attack vectors. Threat actors target different parts of the enterprise, looking for security gaps between protections in the cloud and on the endpoint. Much like the response to any type of crisis, hoarding information in silos is counterproductive to resolution. For our customers, we aim to break the silos down in order to share information about a threat actor’s activities and to build effective defenses and prevention capabilities.
Challenges with Silos
Each security stack component has its own world view of the threat landscape. For example, an endpoint product might have the latest threat intel on attacks on desktop operating systems, intelligence that would be just as valuable upstream, where the threat could be stopped before it ever reaches the user. SIEM and UEBA engines do a great job of surfacing high-value data (by ingesting information from multiple sources), but they are not designed for the distribution and orchestration of threat information with other systems. Any delay in the time to respond leaves a gap in intelligence that threat actors can exploit. To address this need, there are SOAR solutions such as those developed by Netskope partners at Exabeam, SIEMplify, Splunk, Swimlane, Helix, and Workspace One, but sometimes there is a simpler answer.
Netskope wants to help customers and partners scale their own threat intelligence sharing of globally-useful indicators of compromise, which is why we are announcing the availability of the Cloud Threat Exchange.
Solution – Cloud Threat Exchange
Cloud Threat Exchange (CTE) helps our customers get the most out of all of their security investments by sharing customer-specific intelligence with every other connected component of their stack. This capability complements (rather than replaces) threat sharing functions of any given integrated partner and helps customers maximize the effectiveness of their protection using automation and orchestration to stop an attack.
CTE improves the opportunity to stop an attack earlier in the kill chain by making sure that every security measure works in conjunction with the others to coordinate a response. This improves the overall effectiveness of the security stack because it closes the gaps in conventional security stacks by providing the latest information on emerging threats across all of the organization’s defenses.
Netskope is pleased to announce the availability of Cloud Threat Exchange, with support from a number of ecosystem partners. Netskope CTE is also able to take advantage of the public APIs made available for the Microsoft Cloud App Security and Defender ATP endpoint protection solutions to exchange IOCs with customers’ Microsoft deployments. In addition to the out-of-the-box support, our customers and partners may build their own plug-ins for use in their own unique environments and use cases.
Integrated Cloud Threat Exchange partner FireEye is excited to have built its own plug-in to utilize this sharing architecture. Phani Modali, Vice President of Global Sustaining Engineering for Cloud SIEM, stated, “Organizations need to respond to threats faster to protect themselves and their employees. This integration lets our joint customers aggregate all threats in FireEye Helix, while instantly sharing these insights through network, endpoint, email, and other security tools and back to Netskope to reduce threats seen in the cloud.”