
How A Threat Intelligence Gateway Can Help You Better Align with the NIST Cybersecurity Framework

POSTED ON 07 MARCH 2018 // BY TODD WELLER

In the recent blog, “Importance of Threat Intelligence Increasing in NIST Cybersecurity Framework,” we discussed how threat intelligence was becoming a more critical component of the NIST Framework. In this blog, we will look at how threat intelligence gateways (TIGs) and specifically the Bandura Cyber TIG™ can help companies of all sizes better align to the NIST Cybersecurity Framework.

What is a Threat Intelligence Gateway (TIG)?

Threat intelligence gateways (TIGs) are an exciting, new area of cybersecurity technology. TIGs are purpose-built security solutions that use massive volumes of threat intelligence indicators (IPs and domains) to block known threats and unwanted traffic from entering your network. Now you may say “hey that’s what my firewall does!”

The answer is yes and no. While many firewalls incorporate an element of threat intelligence, they are only able to use a very small subset of available threat intelligence indicators. This is because they weren’t architected to handle the massive volume of threat indicators that exist today. To put this in perspective, at any one point there are 10+ million known threats and the best firewalls can only consume indicators covering 3% of these.

The result? An expanded attack surface, more alerts, and more load on our staff (i.e. alert overload, manual firewall log analysis).

At Bandura, we saw this problem several years ago, which led us to pioneer the TIG market with the development of our Bandura Cyber TIG solution. Bandura Cyber TIG sits in front of the firewall and can leverage hundreds of millions of threat indicators to detect and block known threats at massive scale with virtually no latency.

Over 100 customers have deployed our solution and they are seeing clear benefits including a significant reduction in attack surface, fewer events from firewall and SIEM systems, and more efficient use of scarce security staff. Customers are also getting more out of their firewalls.

The cool thing about TIGs is that they are helping companies of all sizes leverage the power of threat intelligence. Small and midsized companies that haven’t had the resources to use threat intelligence can use a TIG to easily and cost-effectively incorporate threat intelligence into cyber protection efforts. Large enterprises that already use threat intelligence are looking to integrate it into TIGs to operationalize that intelligence and make it actionable.

How Bandura Cyber TIG Can Help You Better Align to the NIST Cybersecurity Framework

As we discussed in the previous blog, consuming, operationalizing, and sharing threat intelligence is becoming a more important element across the NIST Framework. Bandura Cyber TIG can help companies of all sizes better align to the core functions of the Framework and progress through the implementation tiers (i.e. maturity curve).

TIGs Help Alignment with Multiple Key Framework Functions

The NIST Cybersecurity Framework is comprised of five key functions: Identify, Protect, Detect, Respond, & Recover. The use of a threat intelligence gateway like Bandura Cyber TIG can help organizations align to multiple functions.

 

  • Identify – Threat intelligence is becoming a requirement for organizations to better understand their cyber risk, a key goal of this function. The Framework specifically highlights that “cyber threat intelligence is received from information sharing forums and sources.” Bandura Cyber TIG comes pre-integrated with millions of threat indicators from commercial, open source, industry (i.e. ISAC blacklists), and government sources, enabling companies to better identify cyber risks and threats. To date, threat intelligence has been used largely by large enterprises with significant resources. Now, with Bandura Cyber TIG, small and midsized companies can easily and cost-effectively leverage threat intelligence to gain greater visibility into cyber threats.
  • Protect – Bandura Cyber TIG can be used to enhance prevention efforts by enabling companies to operationalize threat intelligence and block the massive volume of known threats before they get to the firewall. Companies can leverage our pre-integrated threat intelligence and/or leverage the open nature of the Bandura Cyber TIG (including support for standards like STIX and TAXII) to integrate third-party threat intelligence indicators and act on them.
  • Detect – While Bandura Cyber TIG can be used in prevention mode to block known threats and unwanted traffic, it can also be used in detection mode providing visibility into malicious traffic on your network. In this case, Bandura Cyber TIG enhances security monitoring efforts.
  • Respond – Bandura Cyber TIG also helps with incident response efforts. As an element of response, the NIST Framework specifically points to containing and mitigating incidents. In this area, new threat indicators can be rapidly deployed via automation and enforced by the Bandura Cyber TIG, containing incidents and preventing future occurrences.

Bandura Cyber TIG & The NIST Framework Implementation Tiers

While Bandura Cyber TIG helps companies of all sizes better align to NIST functions, it can also help companies progress along the NIST Framework Implementation tiers. Framework implementation tiers incorporate a progressive use of threat intelligence and information sharing as one goes from Tier 1 (Partial) to Tier 4 (Adaptive).

Because Bandura Cyber TIG enables an organization to leverage threat intelligence to identify, protect, detect, and respond to cyber threats, it represents a key technology for progressing along the NIST Framework maturity spectrum.

For example, at Tier 1 (Partial) an organization can leverage Bandura Cyber TIG to gain greater visibility into cyber threats and risks. As the maturity of a security operation increases, our solution can be leveraged to incorporate more sources of threat intelligence, enable greater intelligence information sharing (i.e. STIX and TAXII support), and enable more dynamic and adaptive threat-intelligence driven protection (i.e. new threat indicator identified by SIEM system; indicator automatically pushed out to Bandura Cyber TIG for enforcement).
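The indicator-driven enforcement described above (third-party STIX indicators turned into block decisions) can be sketched generically. This is an added example, not Bandura's code or API: it assumes a STIX 2.1 bundle with simple single-comparison patterns, and the sample bundle, identifiers and function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Handles only single-comparison STIX patterns; anything else is reported as skipped.
_PATTERN = re.compile(r"^\[\s*(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\s*\]$")

def _ts(value):
    """Parse a STIX timestamp (e.g. 2018-03-07T00:00:00Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

class Blocklist:
    def __init__(self):
        self.nets = {}       # prefix length -> set of network addresses (as ints)
        self.domains = set()
        self.skipped = []    # (indicator id, reason), kept as an audit trail

    def add_ip(self, text):
        net = ipaddress.IPv4Network(text, strict=False)
        self.nets.setdefault(net.prefixlen, set()).add(int(net.network_address))

    def match_ip(self, text):
        # One hash lookup per prefix length in use (at most 33), whatever the list size.
        addr = int(ipaddress.IPv4Address(text))
        for plen, members in self.nets.items():
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            if addr & mask in members:
                return True
        return False

    def match_domain(self, name):
        # Assumption: a listed domain also covers its subdomains.
        labels = name.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in self.domains for i in range(len(labels)))

def build_blocklist(bundle, now):
    """Load enforceable indicators; revoked, expired or unparseable ones are skipped."""
    bl = Blocklist()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        oid = obj.get("id", "?")
        if obj.get("revoked"):
            bl.skipped.append((oid, "revoked"))
        elif "valid_from" in obj and _ts(obj["valid_from"]) > now:
            bl.skipped.append((oid, "not yet valid"))
        elif "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            bl.skipped.append((oid, "expired"))
        else:
            m = _PATTERN.match(obj.get("pattern", "").strip())
            if obj.get("pattern_type", "stix") != "stix" or not m:
                bl.skipped.append((oid, "unsupported pattern"))
                continue
            kind, value = m.groups()
            try:
                if kind == "ipv4-addr":
                    bl.add_ip(value)
                else:
                    bl.domains.add(value.lower().rstrip("."))
            except ValueError:
                bl.skipped.append((oid, "invalid value"))
    return bl

def verdict(bl, src_ip, domain=None):
    if bl.match_ip(src_ip) or (domain and bl.match_domain(domain)):
        return "block"
    return "allow"

# Constructed sample bundle (documentation address ranges and .example domains).
def _ind(n, pattern, **extra):
    return {"type": "indicator", "id": f"indicator--sample-{n}", "pattern_type": "stix",
            "pattern": pattern, "valid_from": "2018-03-01T00:00:00Z", **extra}

SAMPLE_BUNDLE = {"type": "bundle", "id": "bundle--sample", "objects": [
    _ind(1, "[ipv4-addr:value = '203.0.113.7']"),
    _ind(2, "[ipv4-addr:value = '198.51.100.0/24']"),
    _ind(3, "[domain-name:value = 'bad.example']"),
    _ind(4, "[ipv4-addr:value = '192.0.2.10']",
         valid_from="2017-12-01T00:00:00Z", valid_until="2018-01-01T00:00:00Z"),
    _ind(5, "[domain-name:value = 'old.example']", revoked=True),
    _ind(6, "[url:value = 'http://bad.example/x']"),
]}
NOW = datetime(2018, 3, 7, tzinfo=timezone.utc)

if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_BUNDLE, NOW)
    print(verdict(bl, "198.51.100.200"), bl.skipped)
```

Honoring `revoked` and `valid_until` matters operationally: stale indicators left in an enforcement list are a common source of false-positive blocks.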

Need a Quick Sheet of How Threat Intelligence Gateways conform to NIST Cybersecurity Standards?

Download “How Bandura TIG Aligns to the NIST 800-171 Cybersecurity Framework” to read more about which NIST Cybersecurity Framework categories TIGs align to.

