A new CTI feed from Secutec aims to strengthen firewalls with up-to-date threat information and make companies invisible to automated scans of newly discovered vulnerabilities.
Secutec has launched a new service that protects companies against digital reconnaissance of potential vulnerabilities via internet scanners. The cybersecurity firm from Aartselaar introduces a Cyberthreat Intelligence feed (CTI feed), which automatically updates customers’ firewalls every four hours. The updates are based on information from local and international sources. Secutec aims to block incoming traffic from malicious IP addresses and domains and prevent infrastructure from being mapped for future attacks.
Visibly vulnerable to everyone
Internet scanners work similarly to search engines, but for IT infrastructure. They legitimately map out all systems behind IP addresses. Firewalls usually do not block these scanners because the technology is used by security teams like CERTs to detect vulnerabilities.
At the same time, cybercriminals also use these tools when new weaknesses, such as zero-day vulnerabilities, become known. This allows hackers to quickly identify targets where a particular bug can be exploited.
‘Virtually’ patched
To reduce this risk, Secutec now uses the CTI feed to automatically shield companies from scanners. The company aims to prevent systems from being indexed and appearing on the radar of malicious actors.
“Customers can now protect themselves cost-effectively with our CTI feeds,” says Geert Baudewijns, CEO of Secutec. “They become invisible and can quickly or at least ‘virtually’ patch zero-day vulnerabilities while the cybercriminal tries to break in elsewhere.” By virtual patching, he refers to the fact that any unpatched bug is already shielded from the prying eyes of opportunistic hackers.
The new feed integrates information from the Belgian CERT. This way, threats from Belgium are prioritized in firewall rules, while international threats are also considered. The CTI feed collects data on malware campaigns, botnets, fraudulent ads, and Advanced Persistent Threats (APTs).
