Threat intelligence is derived from continuously analyzing extremely large amounts of threat data with the goal of organizing and adding context to actual cyber threat activities, trends and attacks. Threat intelligence can come from external threat intelligence feeds, internal networks, analysis of past attacks, and human research. The best threat intelligence is typically gathered by always-on active sensors, otherwise known as threat feeds.
A threat intelligence network is a collection of always updating and always learning feeds that create the foundation of powerful layered network security. These threat feeds allow individual devices and networks to leverage the intelligence of millions of devices to protect their endpoints and networks.
Antivirus programs can act as active sensors that feed data into a common threat intelligence network, which is then used by the entire user base. Artificial intelligence (AI) and machine learning are essential when it comes time to turn massive amounts of data into actionable threat intelligence.
Why Threat Intelligence?
When threat intelligence is used, businesses can proactively update their endpoint and network security in real time without manually updating network security environments. When one endpoint device encounters a threat, that intelligence can automatically update the greater threat intelligence network. This allows organizations to continuously stay ahead of cyber threats and cyber criminals while adding more certainty that they're protected from the latest cyber attacks.
With a robust threat intelligence network, policies can follow users wherever they go to ensure they’re protected from worldwide threats. Any internet request initiated by a traveling user is processed quickly at the nearest data center, but reporting, alerts, logs, and the like stay in the user’s preferred geography.
Top threat intelligence feeds can have hundreds of millions of devices acting as security sensors that feed threat intelligence to all users that subscribe to that feed. Hundreds of thousands of security updates per day can occur automatically and seamlessly to end users and networks.
The Threat Network
Avast's immense threat intelligence network leverages cloud-based machine learning and is constantly adding to our threat feeds. Our network security solutions utilize this threat intelligence combined with dozens of other leading threat feeds around the world. About our threat network:
- We have over 400 million devices reporting in to our threat network for Antivirus, acting as security sensors and feeding us threat intelligence for our users’ endpoints
- Our network threat protection partner is integrated into 60+ threat feeds, providing a well-rounded view of worldwide threats to network security
- These feeds are acting as always-awake security guards, observing, processing, and reporting on 30 billion requests per day
- There are over 100,000 security updates per day between our antivirus and network threat feeds. This is always on, always updated, and always on the cutting edge
- There are over 100 data centers across 5 continents, allowing policies to follow users. Any internet request initiated by a traveling user is processed quickly at the nearest data center
In Conclusion
Many businesses are finding that cloud-based network security and secure web gateways fed by threat intelligence can ultimately replace legacy firewalls, appliances, software and many of the resources required to patch and update in traditional environments. That is why threat intelligence network technology is gaining in popularity and pushing cloud-based network security, managed security services and security as a service into small and medium-sized businesses.