Verizon announced its new Threat Intelligence Platform service on June 5, bringing insight from the company’s broad cyber-security incident investigation operations to enterprises.
With the new subscription-based service, cyber-security threat intelligence that comes from Verizon’s own network is being made available via an integration with the Anomali Threat Platform. The intelligence provided by Verizon also benefits from the company’s Data Breach Investigations Report (DBIR) and the Verizon Risk Report (VRR), both of which provide further insight into the state of cyber-risks.
“We are in a special place in the security context since, more often than not, because of our network, we sit between cyber-criminals and their victims,” Bryan Sartin, executive director of Global Security Services at Verizon, told eWEEK. “It puts us in the position of having certain optics, and a by-product of those optics is intelligence that makes a difference for detection, and especially in response to cyber-attacks in motion.”
Sartin added that Verizon is now in a position with the Threat Intelligence Platform service to take its intelligence and make it available to enterprises and government agencies. Prior to the launch of the Threat Intelligence Platform service, Sartin said that providing Verizon’s intelligence was more of a “special sauce” that was always something behind the scenes that made services better. Those services include managed security operation centers and general managed security services.
Verizon is now taking its cyber-threat intelligence and attack history and making it available to help identify threats, according to Sartin. For example, he said organizations can check whether a given IP address has been seen before in an attack and what risk level is associated with it.
The Threat Intelligence Platform service is being made available on the Anomali Threat Platform, which provides real-time threat forensics and SIEM (Security Information and Event Manager) capabilities. Anomali is a company that was originally known as ThreatStream and rebranded in February 2016. The company has raised a total of $96 million in venture funding, including a $40 million Series D round announced on Jan. 17.
“They’re [Anomali] the bus behind the service, the interconnect system that enables us to reliably connect our intel with customers,” Sartin said.
Sartin added that Verizon has been using Anomali in its own operations with positive results. The Anomali Threat Platform is available both as an on-premises option and as a cloud service. While the first iteration of the Threat Intelligence Platform service is being made available on the Anomali platform, Sartin noted that overall Verizon aims to be a vendor-agnostic security services provider.
“In the future, I expect we will have a larger ecosystem of different types of technology partners that we could bring to bear, not just Anomali, but other partners as well,” he said.
There are many different sources for threat intelligence feeds that an organization can consume. Sartin noted that he’s come across companies that make use of hundreds of different data feeds. He added that often there is a lot of overlap in the data, but that’s not what he expects enterprises to find with Verizon’s service.
“I think some of the best information that we’re bringing to bear here is consolidated information from our global operations and internal security teams,” Sartin said. “It’s totally unique, and a very different subset of information than you would otherwise get from any other source.”
In addition, he emphasized that the contextual relevance that Verizon is bringing to the threat data provides indicators of real risk to enterprises.
One of the hardest things to do in any security investigation is attribution and figuring out the source of an attack. Sartin said that Verizon has multiple layers of attribution information that it is able to collect, though not all of it is made available through the new Threat Intelligence Platform service. He noted that Verizon works with law enforcement and has worked to help coordinate takedowns of attacker command and control infrastructure.
“We’ve got a lot of visibility into data, but we can’t of course bring all of that to bear, as there are restrictions and regulatory overhead,” Sartin said. “When there is information that truly moves the needle in terms of better detection of cyber-attacks and quicker response time, if that information is instrumental and is impactful in those settings, then it is information we’re trying to bring to bear.”
Looking forward, Sartin said the Threat Intelligence Platform service is likely the first of many new cyber-security services that Verizon is going to be bringing to market.
“I think you’re going to see more technology, especially around deception and other technologies that improve the time to containment,” he said.
Sartin added that Verizon could also integrate its virtual network services software as part of an adaptive response capability to help defend and respond to attacks.
“There’s a really brilliant intersection right in front of us, where we add some of our detection and response improvements with software-defined networking,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.