As your customers become more comfortable with the idea of integrating threat intelligence capabilities into their network and data security architecture, you will be called upon to answer a number of common questions. One of those questions will no doubt be whether they should focus on cloud-based or on-site threat intelligence solutions.
Answering this question will require you to communicate to your customers the importance of looking beyond a black-and-white, one-or-the-other "cloud vs. on-site" perspective on data and network security. The fact of the matter is that cloud computing is becoming more and more integrated with traditional, on-premises enterprise computing. The much-talked-about enterprise move to the cloud is not an abandonment of the corporate data center but an extension of it: cloud-based applications to provide agility and scalability while the most sensitive data remain safe behind the corporate firewall.
In the case of cloud and on-site threat intelligence architecture, the optimal setup for a security-conscious enterprise will be one that makes use of advanced on-site infrastructure capable of leveraging the vast and constantly updated volumes of data available in cloud-based threat intelligence databases.
To put it simply, cloud-based threat intelligence databases provide the clues, the context, and the analysis, while integrated on-site security hardware acts on this intelligence at the site of the attempted attack or intrusion. Threat intelligence databases are immense repositories, not only of known virus and malware signatures but also of the activity patterns and payloads of previously discovered malicious code and, perhaps more important still, the context in which previously detected attacks have taken place, including information such as the targets' and victims' industry and vertical. The power of cloud-based threat intelligence databases arises from the real-time, big-data-enabled processing and analysis of all these different pieces of data in order to nearly instantaneously produce a judgment on whether an actionable threat exists or not.
Once that judgment has been made, however, it's up to security infrastructure at the site of the attempted penetration to act on the intelligence it has received. Here the virtualized or on-site infrastructure that the organization uses is best suited to the task—if it is equipped to make use of cloud-based threat intelligence. Virtualized, physical, or software-based security solutions such as firewalls and Next-Generation Firewalls (NGFWs), endpoint security software, Web and content filtering gateways, and intrusion prevention systems (IPS) must be able to take action without human intervention in order to provide the most immediate response to the threat. In order to do so, such solutions need to be not only tightly integrated with the cloud-based threat intelligence database or databases that the customer plans to use but also capable of providing automated, policy-based enforcement.
As you can see from this brief overview of the necessity of both cloud and on-site components to threat intelligence-driven security, there's a lot for both you and your customers to consider before you can help bring their data and network security architecture up to date. Get started today by talking to an Ingram Micro Networking and Security specialist to find the resources you'll need to make threat intelligence sales.