Lookingglass Cyber Solutions’ acquisition of CloudShield Technologies is aimed at helping improve its dynamic threat intelligence platform capabilities. Financial terms of the deal, announced today, are not being disclosed publicly.
“All of CloudShield’s engineering and the bulk of the employees have come over to Lookingglass,” Chris Coleman, Lookinglass CEO, told eWEEK.
CloudShield’s deep packet processing capabilities will enhance Lookingglass’ dynamic threat intelligence technology.
CloudShield technology provides standalone platforms that Lookingglass will continue to sell, Coleman said. CloudShield’s technology includes the CS-4000 Trusted Network Security platform, the PN4 Deep Packet Processing Module and the CS-2000 Content Processing platform.
“We are also working on an integration of the CloudShield technology into our solution to enable machine-ready threat intelligence into the network,” Coleman said.
Lookingglass wanted to add CloudShield to its platform to better enable threat intelligence at a network level, Coleman said.
Lookingglass’ existing platforms include the CloudScout and ScoutVision dynamic threat intelligence technologies. CloudScout is the cloud platform, while ScoutVision is an on-premises appliance.
“We’re big on the term ‘dynamic threat defense,’ which means that not every indicator is an explicit call to deny or allow traffic,” Coleman said. “What CloudShield provides us is the ability to control our own destiny in how we integrate and operationalize threat intelligence in the market.”
The plan is to be able to drive threat intelligence into the fabric of the network, adding a service control layer. The combined Lookingglass CloudShield platform will enable a new type of control, Coleman explained. “For example, we’ll be able to do things like slowing transactions, until an investigation is concluded on how to handle potentially suspect traffic,” Coleman said.
The Lookingglass Scout platform is unlike traditional Security Intelligence and Event Management (SIEM) technologies in that Scout is focused on the outside world, rather than just an enterprise’s local network. What the Scout platform understands is the full network as well as how it is used and then overlays threat indicators on top, Coleman said, adding that Lookingglass collects approximately 68 million unique indicators on a daily basis that could be associated with potential IT security.
“While we provide a rich API for tying into SIEMs, we’re very much focused on gaining global situational awareness and understanding the risks that are present,” Coleman said.
The Lookingglass Scout platform will take intelligence data from various sources and normalize it with the company’s core intelligence processor.
A key focus for Lookingglass has been to help organizations make sense of threat intelligence data, Coleman said.
Currently, Lookingglass displays all the data in a user interface and the system does not yet have a formal scoring mechanism to rank information.
“Our next-generation platform, which will be out in the late second half of this year, will integrate a very robust scoring mechanism,” Coleman said. “Our next release will be very big on showing the end user how and why a particular score is given for their own environment.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.