Thursday, 21st March 2019

Investing in threat intelligence

When Ninepoint Partners LP integrated threat intelligence into its cybersecurity defense posture, the Toronto-based investment management firm turned to Stealthcare, an international cybersecurity firm known for its human intelligence capability and for Zero Day Live, a proven threat intelligence platform.

Here is how Neil Longmuir, Chief Technology Officer of Ninepoint Partners, put it: “There was no question that the threat intelligence function of our cybersecurity posture had to be external to our in-house defenses. Internally, our knowledge is limited to threats that have already been directed at us and their sources. We need to know what’s going on in the environment and what is coming at us over the horizon, so we outsourced this function to Stealthcare for its broad knowledge and ability to defend against both existing and emerging threats.”

Longmuir emphasized, “Effective cybersecurity can no longer rely on sitting inside a castle, not knowing what is going on outside our walls. We have to penetrate the enemy camp to get the intelligence we need to combat the threats, and the intelligence we now get from Stealthcare proves to us that the firm is on the leading edge of being aware of threats before anyone else. They are way ahead of the big players.”

Like most firms in the financial sector, Longmuir noted, “Cyberattacks come at us at a clip of more than a thousand per minute from tens of thousands of sources—as many as 150,000 or more. Working with Stealthcare—and based on the parameters of the Palo Alto Next Generation (3000 series) Firewall—we pruned the known threat list to the most egregious ones, which came to about 50,000 IP addresses that have tried to penetrate our defenses and are currently active. Stealthcare then developed effective defenses against them in advance to make sure we were protected at the very outset of deploying ZDL.”

With Palo Alto’s Firewall, integrating the Zero Day Live platform was easy. “It was a known factor based on Stealthcare’s previous experience,” said Longmuir, adding, “Palo Alto Firewall rules are being rebuilt every 60 minutes. With Zero Day Live we are in a protected position. Even if a new, never-before-seen, zero-day threat were to target our organization, we're confident that Zero Day Live will block it.”

According to Jeremy Samide, Stealthcare CEO, Zero Day Live was in development for over a decade. “Two years ago, ZDL became the world’s most complete cyberthreat intelligence and aggregation platform on the market. Since deployment, we’ve delivered threat intelligence predictions that gave clients the advance warning needed to defend against sophisticated and dangerous cyberattacks—attacks that range from state-sponsored groups such as Fancy Bear, Carbanak and the Gamaredon Group as well as those launched by lone wolves and terrorist groups.”

Notably, ZDL identified the 2018 Samas ransomware variants that shut down Atlanta’s municipal services for days and, according to Riskemy, Stealthcare’s Zero Day Live “spotted early warning signs of massive cyberattacks, including the WannaCry ransomware of 2017, the 2016 Dyn cyberattack, and attacks on both the Democratic and Republican National Committees.”

Longmuir stated that Stealthcare met a number of additional criteria that were key to his decision. “Stealthcare was flexible. From a financial viewpoint, the company allowed us to dip our feet in the water as opposed to diving in. Unlike some of the big brands in the industry that try to sell hardware with threat assessment as an adjunct to the equipment, Stealthcare focuses totally on threat intelligence. An additional benefit: Stealthcare’s senior management team, led by their CEO, participated throughout the whole process—from introduction to onboarding and follow-up.”

He added, “Stealthcare is also cloud-based so scalability goes part-and-parcel with the ZDL platform and dovetails with my philosophy about the way threat assessment should work. With vendors who run their own servers, there are too many points of failure. If Stealthcare were not cloud-based, it would have taken too much due diligence on my part to evaluate the architecture, and I would not have selected them.”

Other benefits include the ZDL Dashboard, which operates on a single pane of glass. “Everything is in one place and the intel is actionable by our small team. You don’t waste time searching about to make sense of a threat, the platform immediately takes action and fixes it, without the need for human intervention,” Longmuir said.

Reporting: a big part of cybersecurity is selling cybersecurity to the board of directors, according to Longmuir. “It’s like maintaining a good diet, the health benefits are not readily apparent until you go off it. Likewise, selling cybersecurity internally is an ongoing process. It’s one thing for me to know about the threats and know that they are being identified, and quite another to get reports from our security infrastructure. I can point out specific threats and say, ‘these five were blocked by a feature included with ZDL,’ how they are being stopped and how this supports our compliance standards. It clearly shows our return on investment.”

When asked, “What keeps you up at night?” Longmuir said, “I’m not worried about getting hacked the way I once was. I can see what is being blocked globally and locally, so I’m certainly not losing sleep over security. Now I worry about the markets opening on Monday morning!”
