The Threat Intelligence Gateway Waging War On 100M Threat Vectors

Firewalls, from the biggest to the smallest, are under assault all day, every day from the staggering number of cybersecurity threats floating around the digital sphere — a fact that probably doesn’t come as much of a shock to most people at this point.

The “good” news from the half-decade of stories about breach after breach is that there are no surprises left when it comes to being under assault by cybercriminals. Everyone knows that they are trawling the web for data of all kinds that they aren’t supposed to have, and that there are no weekends, vacation days or holidays when it comes to cybercrime.

While that revelation may not come as a great shock to a relatively informed consumer, what might surprise most people, CEO Chris Fedde of Bandura Systems told Karen Webster in a recent conversation, is the scale of the cyberthreats — or just how many threats that firewalls, big and small, are trying to battle daily.

“There are literally 100 million threat indicators out there,” Fedde said, “which translates into 10 million distinct threats.”

Firewalls exist to repel those kinds of threats, but even the biggest and toughest firewalls in the world currently running in Silicon Valley can, at most, absorb 200,000 to 300,000 threat indicators at once, which is only a tiny fraction of the threat intelligence out there at any given time. Being hit with so much more than it can handle is going to affect a firewall’s function and will guarantee that things are going to slip through. That, he noted, is just an outcome of the law of large numbers.

Though businesses of all sizes have embraced threat intelligence as a concept (meaning various layers of security software and artificial intelligence [AI] are going to search out those threats before they can do any damage to the system), Fedde says that’s a less than wholly efficient use of those security systems. Currently, threat intelligence is often used in a detect-and-respond capacity, which roots out problems in a network, but in a very high-touch, high-energy way.

To take all that touch out of the system, Bandura offers what it describes as the Threat Intelligence Gateway, a piece of technology that sits in front of a business’ firewall and absorbs known threats before they ever hit it.

Why Timing Is Everything

Bandura didn’t start out as a commercial enterprise, Fedde noted, but as a government research firm called TechGuard, which specialized in projects for the U.S. Department of Defense (DoD).

“That is where the Threat Intelligence Gateway was first developed, and then they worked with their government partners to see if this was a concept that was as powerful as they thought it was,” he said.

It was — so TechGuard moved into its private product business (Bandura) with its security gateway. Until last week, Bandura was a wholly owned subsidiary of TechGuard. However, as of its $4 million Series A funding round, Bandura is officially a stand-alone firm, though TechGuard is an investor.

According to Fedde, who joined the firm in February, the timing is right for a firm like Bandura for two reasons.

The first, he noted, is that businesses of all sizes are singing from the same hymnal when it comes to threat intelligence. As recently as a few years ago, firms would push back on the concept or ask why they needed to worry themselves with it. These days, even mom-and-pop shops understand the importance of it, even if they aren’t using any specific threat intelligence tools just yet.

The other issue, Fedde added, is the simple complexity of construction. It’s not easy to build a technological product that will essentially act as a massive filter for millions of potential digital threats before they hit a firewall.

“It is hard to overstate the massive scale of it. It require[s] purpose-built devices that could, in fact, ingest tens of millions of indicators,” he said, “then convert those into blocking mechanisms without affecting the performance of the network.”

It’s a big claim to make, and while Bandura isn’t the only firm doing so these days, it is the only one making that claim with the backing of the U.S. DoD, or mega-players like insurance firm AIG. Though big brands offer their bona fides, Bandura is seeing a lot of its growth with small firms.

The All-Sized Approach

Small networks can work with Bandura as easily as larger ones do. In fact, Fedde noted, the business segment it is most popular with is small and medium-sized businesses (SMBs), specifically banks.

“We get a lot of traction with SMB because we offer something that they can afford, and access to a wealth of actionable data to allow their systems to run better,” said Fedde.

Small businesses and medium-sized banks aren’t actually catching a break from cybercriminals and attacks because they are smaller — attackers, in general, don’t have a well-developed sense of fairness. Regional banks are often confronted with tens of millions of fraud indicators, and they need a way to sift through them. To do that, he said, they often have to be educated as to what level of threats they are actually facing. SMBs often don’t know what they don’t know, and the easiest way to help them understand what a Threat Intelligence Gateway can do is to stop telling them about it and start showing them.

Fedde explained, “We’ll send them a device, and they can plug and see what kinds of things they are getting hammered with versus what they get when they turn on our services and we start absorbing all of those known threats. I would say [that] 90 percent of the time we install a potential client with a demo, we get the order.”

Seeing, it seems, is often believing.

Once they’ve seen, he noted, they can also customize. Small businesses can set their Bandura to filter, then forget about it. More data-curious businesses can zoom in on what kinds of threats Bandura is seeing and repelling. Those accounts are handled on a monthly subscription. However, as a product that started out being built for government agencies, they can be even more flexible than that.

“We have some government contracts where we provide a device and they pay an annual fee, and that is all the contact they ever want to have,” he added.

Helping Systems Run Better

Bandura’s Threat Intelligence Gateway, according to Fedde, is designed to capture known threats — and thanks to the remarkable advances in risk detection and threat intelligence, many of the threats out there are known. By using the custom tool to filter them out, Bandura can significantly lighten a big part of the security load for businesses.

However, he noted, it does not entirely lift the weight.

There is the 5 percent of threats that are unknown — advanced threats that Bandura’s system can’t see (yet). But even though it doesn’t detect those threats, Bandura makes it much easier for other security systems to do so because it has pushed back the noise-to-signal ratio.

“We can start clearing the field so that businesses aren’t getting [clobbered] by millions of known threats,” Fedde said. “That makes it easier for advanced threats and unknown threats to get through.”

Those targeting advanced threats can do their job much better if firms like Bandura can clear the security clutter away first, so they can focus on the new “great” idea out of cybercrime. That, Fedde pointed out, will probably be with us.

Though he is new to Bandura, Fedde has worked in cybersecurity for almost four decades. In that time, he has seen it spike, particularly in recent years. Today, there are 10 million threats out there, he said, and there were maybe 3 million 10 years ago.

While cybercrime is growing, he noted that the tools used to fight it are getting better. Ten years ago, one couldn’t get the real-time data necessary to really take on, filter out and hold back intrusions. Today, the right tech with the right business models can provide that level of service to enterprises large and small.

“There are more attacks than ever,” Fedde said, adding that “we are also better than we have ever been about seeing them and shutting them down before they start.”
