8 Key Questions to Ask about Operating a TIP in an Air-gapped EnvironmentPOSTED BY LIZ BUSH
If your organization uses air-gapping to protect critical systems, you may be wondering about the implications for using threat intelligence. After all, most threat intelligence platforms require an internet connection to get threat data from external sources. But in an air-gapped environment, computers or networks are physically isolated from unsecured networks like the internet or an unsecured local area network. This complete separation can hinder the capabilities of a threat intelligence platform.
Fortunately, ThreatQ is designed to meet this challenge, providing flexibility in how you deploy and use the platform to meet your specific security and environment requirements.
If you operate in an air-gapped environment and are considering a threat intelligence platform, here are 8 key questions to ask as you consider your options.
- Is there a way to capture threat data from external and internal sources without introducing security implications for the wider environment?
- If your solution is designed principally for cloud-based use, does migrating it to fit an on-premises use case require additional components? If so, does that introduce additional complexity and cost?
- Does your on-premise capability offer as many capabilities your cloud-based platform?
- How do you handle updates for new functionality and patch any newly discovered security vulnerabilities?
- What analysis and enrichment capabilities do you recommend and/or offer and where do they reside?
- Will there be any sacrifices in timeliness of data by deploying in an air-gapped environment?
- How is implementation in an air-gapped environment different from implementation in a typical internet-facing network zone?
- How do you approach integration with internal and external sources of enrichment without compromising the air-gapped environment?
The answers to these questions will reveal that not all threat intelligence platforms are up to the task. However, with thoughtful consideration to the capabilities and trade-offs, even security operations teams in highly regulated environments can use ThreatQ to accelerate security operations and mitigate risk.
For more information, download this white paper and learn more about how to deploy and use ThreatQ in an air-gapped environment.