
Threater Everywhere: Vision, Strategy, Platform

03.15.2021

Threater Everywhere is the vision and strategy we execute on every day at Threater. More so than ever, data and users are everywhere, and the ability to intelligently and consistently protect them wherever they are is critical. In this blog, we will take a high-level look at the drivers behind our Threater Everywhere vision and how these are reflected in the strategy and capabilities of our platform. In future blogs, we will dig deeper into specific elements of Threater Everywhere and our platform.

Data and Users Are Increasingly Everywhere

The shifts to cloud computing and an increasingly remote and mobile workforce are long-standing trends. However, both of these have been dramatically accelerated by the global pandemic. As a result, there are two major trends in play:

  • More applications and data are shifting from traditional on-premises data centers to cloud environments; and
  • More users are accessing applications and data from remote and mobile locations. This means more users are increasingly coming from networks organizations don’t control (like the wifi network at Starbucks).

The result is a significantly expanded attack surface and the need to protect applications, data, and users across multiple environments wherever they are.

Hybrid & Multicloud Environments are the Reality

Whenever significant technological shifts happen, it’s common to hear extreme views around the adoption of the “new” thing and the demise of the “old” thing.

“The world’s going all cloud; on prem data centers are dead!”

“Users are all remote today; there’s no need for an on prem solution!”

However, history shows extreme shifts rarely occur, reinforcing the reality that technology adoption is evolutionary – not revolutionary. What this means is that environments today, and well into the future, will continue to be a mix of on-premises, cloud, and remote environments.

Hybrid IT Environments Consisting of On-Prem, Cloud, and Remote

While more apps and data are shifting from on-prem to the cloud, on-prem environments remain very relevant. The continued use of legacy applications remains one driver behind this; however, there is another, more important driver. The fact is that, despite all the benefits of cloud computing (you know, the “ilities!”), there are still tremendous cost and scale advantages associated with hosting and operating IT from on-prem data centers. The result is that very few organizations are 100% on-prem or 100% cloud, with most operating what are commonly referred to as hybrid environments.

The pandemic has resulted in a significant shift and acceleration of users accessing IT from remote and mobile networks vs. on prem environments. And, there is no doubt that some of these impacts will be permanent in nature. However, slowly but surely, the world is returning to a more “normal” state, which means that more users will be returning to work and office environments, at least on a part time basis. In fact, the new “new normal” will be characterized by hybrid users that split their time accessing applications and data from on prem and remote locations.

Organizations Increasingly Use Multiple Cloud Environments

As organizations increase their use of cloud environments, this typically leads to the use of multiple cloud environments or what is termed multicloud.

According to TechRepublic, “Multicloud is the practice of using cloud services from multiple heterogeneous cloud services, as well as specialized platform-as-a-service (PaaS), infrastructure-as-a-service (IaaS), or software-as-a-service (SaaS) providers. Multicloud also includes using private clouds and hybrid clouds with multiple public cloud components.”

This is validated by “hot off the presses” data from the Flexera 2021 State of the Cloud report. The report indicates that 92% of organizations have a multicloud strategy and 82% have a hybrid cloud strategy.

The multicloud trend is being driven by a desire to diversify but also because different cloud providers excel at different things. For example, Amazon Web Services (AWS) remains the de facto cloud leader, which means that if an organization is using cloud there’s a pretty good chance they’re using AWS. However, many of these organizations may also be heavy users of Microsoft, which means they are also likely using Azure for some workloads. In fact, according to the Flexera report, 50% of enterprises have significant workloads on AWS, 40% have them on Azure, and 22% have them on Google Cloud.

The Cybersecurity Challenges of Everywhere

Now that we’ve established that applications, data, and users are everywhere, let’s look at some of the key cybersecurity challenges this creates. An obvious challenge is that organizations are dealing with a significantly expanded attack surface. Simply put, threat actors have access to significantly larger and more distributed attack vectors than ever before. An important byproduct of this is that it increases the importance of using threat intelligence to gain visibility into threats and to protect your environments.

The expanded attack surface leads to another key challenge: the ability to apply consistent security controls, policies, and threat intelligence across these multiple, diverse environments. Importantly, this needs to be done in a simple and scalable way. Unfortunately, this is easier said than done, as it often requires organizations to stitch together and manage a complex mix of on-prem security solutions, cloud-native security controls (controls provided by the cloud provider), and third-party, cloud-only security controls.

With a mix of on-prem and cloud environments, multiple cloud environments, and users operating in both on-prem and remote environments, it’s clear that data and users are truly everywhere. This means that organizations need the ability to secure data and users wherever they are.

Threater Everywhere

This is exactly what our Threater Everywhere strategy is about. It’s about giving organizations the ability to use our platform to deploy threat intelligence at scale to protect users wherever they are. Before we dig into how Threater Everywhere manifests itself in our platform, let’s take a quick step back and revisit what we do.

Threater blocks known bad traffic at scale without adding latency. We do this using massive volumes of third-party IP and domain threat intelligence data. Our cloud-based service aggregates threat intelligence from best-in-class threat intel data providers and integrates it from systems that generate actionable threat intelligence, like Threat Intelligence Platforms, SIEMs, SOARs, endpoints, networks, etc. Our cloud-based network security service deploys dynamic threat intelligence and simple user-defined policies to our Threaters. The Threaters inspect inbound and outbound network traffic, making allow or deny decisions based on threat intelligence, GEO-IP, and/or Autonomous System Number (ASN).

So back to Everywhere. As you can see in our platform graphic, our Threaters can be deployed wherever your data and users are.

Specifically:

  • Threater is our traditional solution that is deployed on on-prem networks. Our Threater software is typically deployed on dedicated, commercial, off-the-shelf hardware appliances but can also be deployed as a virtual appliance on VMware.
  • Threater Cloud is deployed on cloud networks. Currently Threater Cloud is available in AWS Marketplace. In the future, we will be extending Threater Cloud to support Microsoft Azure and Google Cloud.
  • Threater Anywhere is a shared, cloud-based service that is initially being targeted at remote/work from home users. With Threater Anywhere, end user traffic is redirected via OpenVPN or a Squid web server proxy to a Threater hosted Threater Cloud service. This service effectively provides a secure, threat intelligence-powered VPN service to protect remote user traffic. In addition to the Threater shared cloud service, we’ve also made it easy for customers to build and operate their own Threater Anywhere service. This can be done in AWS by combining Threater Cloud for AWS with our Threater Anywhere Server.

A critical element of being able to deploy threat intelligence and protection Everywhere is the ability to do this in a simple and scalable way. This is where our cloud-based management portal comes into play. Our cloud-based management portal makes it easy for you to deploy, monitor, and manage multiple Threater deployments across on premise, cloud, and remote user environments.

Conclusion

It’s clear that, more so than ever, data and users are everywhere. IT environments will continue to be a mix of on-prem and multicloud, and the users accessing them will be hybrid, accessing them from a mix of on-prem, remote, and mobile locations. The result is a significantly expanded attack surface and the need to deploy security controls, policies, and threat intelligence everywhere. Importantly, this needs to be done in a simple and scalable way.

Our vision and strategy of Threater Everywhere reflects the above realities and provides organizations with the ability to deploy threat intelligence at scale to protect users wherever they are – on prem, cloud, remote/mobile or all of the above.

Stay Tuned!

In the next blog in our Threater Everywhere series, we will do a deep dive into how Threater can help you protect cloud environments.

If you are interested in learning more about how organizations are using Threater to make threat intelligence actionable in a simple and scalable way, join us for our upcoming webinar – How Law Firms Are Using Threat Intelligence to Improve Cyber Defenses and Reduce Risk. We promise you don’t have to be a law firm to get value out of this webinar!

As always:

  • If you are a current customer and have any questions, feel free to reach out to our customer support team at support@threater.com
  • If you’d like to learn more about Threater’s platform integrations, visit the Integrations tab on www.threater.com
  • If you’d like to get started with Threater’s platform today, contact sales@threater.com