Security giant Check Point has launched a pioneering new market for real-time security threats it hopes will offer a way for smaller third-party security firms to embed their intelligence on cyberattacks and malware attacks directly into the real-time filtering applied by the company's security products.
Called ThreatCloud IntelliStore, the idea behind the initiative is a logical next step for the ThreatCloud threat sharing system announced two years ago. That aggregated attack intelligence from Check Point's own customers as a way of offering herd immunity; Intellistore takes the same principle but extends it to a cottage industry of small security firms that gather often very high-quality intelligence on attacks in their respective niches.
The problem is that nobody gets to hear about this intelligence unless they happen to be a customer of that firm, leaving much of this important data stranded inside threat systems where each accumulates a small part of a much larger attack puzzle.
The technology behind IntelliStore has the potential to be disruptive for the security industry on a number of levels although at the company's annual CPX show in Barcelona this week the firm's management was keen to set more modest goals.
A major theme is simply the admission that acquiring broad intelligence on cyberattacks, especially targeted campaigns, is now almost impossible for even the largest players in the security industry, Check Point included. IntelliStore offers a standardised and automated mechanism for small firms to improve Check Point's own intelligence as part of a common pool.
Check Point lined up the first tranche of partners for the launch, including iSIGHT Partners, CrowdStrike, IID, NetClean, PhishLabs, SenseCy, and ThreatGrid, some of which are better known than others but all of which specialise in documenting different types of security threat.
Currently, nobody else has a market like this so Check Point has stolen a lead for the time being if — and only if — it can hold good on the second disruption promised by IntelliStore, namely that adding third-party attack intelligence actually makes the firm's security systems better at spotting threats.
Exactly how this happens depends on the type of feed being supplied. Some generate researched data on complex threats and targeted attacks, others simply a fingerprint of a specifc type of attack, for instance, a phishing campaign. Check Point takes this data and adds it to the filtering it applies on its security gateways, on paper at least boosting their security effectiveness.
There is, of course, another disruptive effect in play here which has as much to do with the security industry as the protection sold to customers. Currently, the industry is incredibly fragmented, not only in the multiplying layers of technology it offers but the the firms themselves. Many stay small because they can't find new customers rapidly enough to grow beyond their niche of expertise.
Sign up for CIO Asia eNewsletters.