Bandura ThreatBlockr Data Sheet
- Immediately improve network protection by using cyber intelligence from over 30 leading sources to block known-bad traffic that your current security stack is missing.
- Easily add cyber intelligence from any source with no limits.
- Mitigate false positives quickly and intuitively using automated allowed lists.
- Automation reduces manual work, saves time, and ensures you are always protecting your network with the latest cyber intelligence.
- Improve layered security efficiency and effectiveness by eliminating 30%-50% of the traffic hitting your security stack.
- Seamlessly integrates into and enhances the value of your existing security stack including firewalls, SIEMs, SOARs, NDR, and MDR.
Every successful cyber attack has breached a firewall at some point. Firewalls provide an important foundational layer of network protection but alone are insufficient to protect your network. Threats are getting past firewalls because they only use a limited amount of threat intelligence to detect and block threats and have limited ability to handle additional threat intelligence sources. On top of this, managing the small amount of threat intelligence you can add to a firewall is manual and too slow.
Bandura enables companies to establish a complete security solution by doing things that firewalls and existing security controls can't do. ThreatBlockr is Bandura’s patented cybersecurity SaaS platform that automates the enforcement, deployment, and curation of cyber intelligence. ThreatBlockr uses massive volumes of threat intelligence to block known threats from hitting your network. ThreatBlockr’s automation does the heavy lifting for you, ensuring you are always using the most current threat intelligence, reducing manual work, and saving you time. ThreatBlockr also frees up your firewall, allowing it to be more efficient and effective.
How it Works
The ThreatBlockr platform consists of two main components:
- ThreatBlockr Orchestrator uses the cloud to automate the aggregation, integration, updating, and curation of threat intelligence from multiple sources, and deploys threat intelligence and simple policies to ThreatBlockr Nodes for enforcement.
- ThreatBlockr Node performs inline inspection of network traffic, making policy-based allow and deny decisions based on cyber intelligence, country, and/or Autonomous System Number (ASN). ThreatBlockr Node can block up to 150 million IP and domain indicators, more than 1000x the typical threat intelligence capacity of a firewall. ThreatBlockr Node can be deployed on premises, virtually, in cloud networks, and/or as a cloud-based service.
- Block tens of millions of known bad IPs and domains using threat intelligence from over 30 leading sources including DomainTools, Webroot, DHS, high-fidelity open source threat intel feeds, and others. Also block traffic by country and ASN.
- Easy integration of industry threat intelligence from ISAC/ISAOs including E-ISAC, FS-ISAC, H-ISAC, MS-ISAC, and others.
- 50+ connectors (HTTPS, CSV, STIX/TAXII) and integrations with Threat Intelligence Platforms, SOARs, SIEMs, and others.
- Cyber Intelligence Marketplace provides easy access to additional cyber intelligence sources, such as Bambenek, Cyjax, Intel 471, Malware Patrol, Proofpoint, and more, all through one unified portal with no need for individual agreements.
- Mitigate false positives by identifying and allowing known good traffic using automated allowed lists.
- Cyber intelligence is automatically updated in real time.
- Rich log data provides visibility into threats targeting your networks. Powerful syslog export capabilities enable easy integration with SIEMs and log management solutions, such as Splunk, IBM QRadar, Gravwell, and more.
- Easy to deploy and manage. Turnkey solution deploys in 30 minutes or less. Simple and intuitive policy management.
- Centralized, multi-tenant management capabilities make it easy to manage ThreatBlockr Node deployments across multiple sites and/or multiple customers.