So why do enterprises succumb to such attacks? The thing is, if you can’t see all the bad guys out there, what chance would you have fighting them?
It is this lack of visibility that is at the heart of the cyber security problem, says A.J. Shipley of LookingGlass Cyber Solutions, which plugs vital cyber security gaps with a range of threat-intelligence-driven products and services. Over the past decade, LookingGlass has transformed the art of threat intelligence with an approach focused on the data, the platform, and the delivery of actionable intelligence. Its proprietary intelligence includes malicious and phishing URLs, malicious command and control feeds, global botnet infections, newly registered domain names, and a database of over 2.5 billion unique compromised account credentials, all of which inform and drive its product portfolio.
“When used correctly, this intelligence delivers real time protection and multiple layers of security from known bad websites,” says Shipley, a 20-year cyber security veteran and vice president of products at the cybersecurity firm headquartered in Reston, VA. “LookingGlass is the only threat-centric security company in the industry with the portfolio to holistically operationalize cyber threat intelligence.”
Today, an increasing security challenge is the large number of low-cost, poorly secured, connected devices spurred by the Internet of Things (IoT). Massive botnets of compromised devices, controlled easily by relocatable command and control (C2) infrastructure, overwhelm enterprises with billions of data requests that can knock services offline for hours or even days, costing upwards of $40,000 per day and many times more for ecommerce firms.
LookingGlass is able to address this challenge in multiple ways. First, its threat intelligence platforms identify the malware, actors, and devices that make up the DDoS botnet, bringing great visibility to the risks. Second, its collection of known bad C2 domains, integrated with its threat intelligence gateways, disrupts communication between the compromised devices and the C2 servers, effectively rendering the malware harmless. Finally, in the case of DNS, its DNS Defender firewall protects authoritative and recursive DNS servers from DDoS and other types of DNS attacks.
While known for its ScoutVision Threat Intelligence Platform (TIP), in 2015 LookingGlass made significant investments in its portfolio of products and services with the acquisitions of CloudShield and Cyveillance. CloudShield brought a set of market-leading threat intelligence gateways, including a DNS-protocol-specific firewall called DNS Defender, which is currently deployed by Internet service providers around the world. The Cyveillance acquisition gave LookingGlass the ability, by monitoring open source forums, including those located on the dark web, to track malicious actors, their tactics, techniques, and procedures, and the multitude of malware adaptations used to conduct DDoS attacks.
“By tracking the movements of threat actors through various social media, deep, and dark web forums, we are able to proactively identify potential new campaigns and integrate that situational awareness into our deployed solutions,” says Shipley, who has previously worked at NetApp, Wind River and Cisco.
LookingGlass plans to continue its strategy of tightly coupling the data, platform, and delivery of threat intelligence with the goal of significantly reducing or eliminating cyber risk worldwide.