IntSights Integration with Threater

IntSights and Threater have joined forces to make threat intelligence more actionable, automated, and scalable.

This powerful integration enables organizations to truly defend forward by proactively using threat intelligence from the IntSights External Threat Protection Suite and the Threater platform to block IP and domain-based threats before they hit your network.

The ability to take action on threat intelligence is critical to maximizing its value. However, organizations often face challenges integrating threat intelligence into traditional network security controls like firewalls. Most firewalls have limited capacity to integrate third-party threat intelligence indicators, and managing external blocklists in firewalls is complex and time consuming.

Benefits

Strengthen network security by using threat intelligence proactively to protect your network from threats.

Reduce staff workload by automating IP and domain blocklists at scale.

Maximize threat intelligence ROI by making it actionable.

Features

Threater integrates threat intelligence from the IntSights Threat Intelligence Platform (TIP) and other sources to block up to 150 M known malicious IPs and domains before they hit your network.

Easily create IP and domain blocklists based on threat indicators from the IntSights TIP using the “out of the box” IntSights plugin in the Threater platform.

IntSights threat intelligence is automatically updated in the Threater platform, ensuring always-current network protection and reduced manual workloads.

Threater Provides Smart, Simple, & Scalable Network Security Everywhere

Threater blocks known bad traffic at scale using a combination of simple, innovative technology and best-in-class threat intelligence. We provide 30 million “out of the box” threat indicators from the world’s best sources and offer over 50 point-and-click integrations and connectors: ISACs, ISAOs, Threat Intelligence Platforms (TIPs), SIEMs, SOARs, or any other IP or domain based source.

Policy enforcement and blocking is handled by our Threater appliances, which can block up to 150M threat indicators in real-time with no latency. Threater inspects inbound and outbound traffic and makes simple, policy-based allow or deny decisions based on threat intelligence (IP reputation, block lists, allow lists), GEO-IP, and/or Autonomous System Number (ASN).

Threater can be flexibly deployed on physical, virtual or cloud appliances, as a cloud-based service or any combination of these. Regardless of deployment, we can protect your users and networks everywhere and our cloud-based Management Portal gives you a central point of visibility and control.

As data flows through Threater appliances, the Threater platform generates a significant amount of data that helps you analyze your security posture, identify and remediate threats in real time, and easily solve for false positives. Non-PII metadata is sent to our Global Management Center to allow quick analysis of your security posture and detailed data is sent to any SIEM, Syslog server or security analytics tool of your choice for further detailed analysis.

IntSights Threat Intelligence Platform Overview & Features

The IntSights Threat Intelligence Platform (TIP) helps organizations centralize and operationalize various sources of intelligence to ensure blocklists are up to date. View all organization-specific IOCs in a single dashboard that summarizes IOCs by severity so you can easily understand which threats pose the greatest risk to your enterprise.

Aggregation and centralization of public, private, and industry threat feeds
IOCs validated and prioritized for investigation based on risk severity and relevance
Was it Allowed or Denied?
Enriched IOCs pushed to endpoint security platforms for automated threat blocking
Integrated threat orchestration and mitigation
Instant takedowns for threats targeting your organization

The Threater-IntSights Integration — Automatically Block Threats with External Threat Intelligence

The IntSights Threat Intelligence Platform (TIP) integrates with the Threater platform. Threater pulls threat intelligence from IntSights and other sources to block connections to/from known malicious IPs and domains before they hit your network. Users can easily create automated IP and domain blacklists based on threat indicators from the IntSights TIP using the “out-of-the-box” IntSights plugin in the Threater platform. Blocklists can be configured based on severity and time intervals. Once configured, blocklists are automatically updated. Integration of the IntSights and Threater platforms strengthens network security, reduces manual workloads, and maximizes threat intelligence ROI by making it actionable.

The IntSights plugin is available via the Threater cloud-based Management Portal for both IPv4 and Domain blocklists. Access the plugin by selecting Denied Lists, Create Denied List, and IntSights from the dropdown menu.

DOWNLOAD pdf

Want to Learn More?
Contact Us.

Threater welcomes your questions. Please fill out the Contact Form and a Threater team member will reply within one business day.