A new integrated service from Cassini leveraging Fortinet firewalls can have your organisation better protected.
There is no better time than today to plan for how you’ll respond to a serious cyber-attack. Instigating a rock solid cyber response plan requires identifying the risk to your business at a senior governance level, and understanding who is responsible for planning your response. Then it is a matter of engaging a proven solution.
Recently, a powerful new tool has been placed into the hands of New Zealand businesses in order to specifically combat attacks which target New Zealand companies. This takes the form of two new ‘threat intelligence feeds’ delivered by the National Cyber Security Centre (NCSC) and CERT NZ, which are now available to an increasing number of New Zealand organisations. Combined, it is an affordable Cyber Threat Intelligence (CTI) service being offered by leading information security consultancy and software developer Cassini, who leverage internationally respected Fortinet Firewalls to deliver the detection and disruption capability.
Cassini works with companies to ensure they can on-board the NCSC-delivered Malware Free Networks (MFN) and CERT NZ threat intelligence feeds quickly and easily.
Threat intelligence feeds contain lists of Internet locations (domain names, URLs, IP addresses), known as Indicators of Compromise (IOCs), which are associated with malicious cyber activity. If you see traffic on your network coming from, or going to, one of these locations, it’s a clear indication that your company is either under attack or potentially compromised. MFN provides near real-time threat intelligence reflecting current malicious activity targeting New Zealand companies and organisations. It helps defend against malicious activity and is curated from a range of sources including the NCSC’s international cyber security partners and information drawn from the NCSC’s cyber defence capabilities. CERT NZ’s Threat Intelligence API (Application Programming Interface) helps disrupt phishing attacks targeting New Zealanders and New Zealand organisations (it recently publicly acknowledged [1] Cassini in relation to great results in the disruption of a phishing campaign targeting Kiwis when a malicious actor purported to be the IRD around tax refund time).
CERT NZ authored indicators are curated by experts from information sources for campaigns misrepresenting New Zealand brands. Cassini believes that in 2021 all New Zealand companies should receive the protection offered by these aforementioned feeds and has identified the barriers that companies face in operationalizing these protections. The service is available directly from Cassini, but talks are also in place with major New Zealand service providers to allow for consumption through existing communications partners. In short, the Cassini CTI SaaS solution has been developed to reduce barriers to adoption.
Cassini’s philosophy is to make the use of threat intelligence proactive rather than reactive. Many organisations focus solely on using threat intelligence as a detection mechanism to alert them when malicious activity is occurring on their network. Cassini believes that given the nature of threats companies are facing today, disruption is critical in preventing potentially significant harm, and that disruption and detection must go hand in hand to provide an effective defence. The Cassini CTI service and Fortinet firewall combination provides active detection and disruption of network traffic that matches the IOCs provided by the MFN and CERT NZ threat feeds. This means that cyber-attacks that match IOCs published by the feed providers can be proactively prevented. It is much cheaper and easier to prevent the harm from occurring in the first place than needing to run an incident response process to clean up after the fact.
The Cassini CTI service consolidates the threat information from MFN and the CERT NZ phishing feed, manages the information lifecycle for things such as indicator expiration and revocation, and provides a flexible API to adapt the output to whatever the customer’s integration point requires. This means that by using Fortinet devices the Cassini CTI service can be configured with just a few commands, and the protections provided by the two feeds are immediate.
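The consolidation and lifecycle handling described above can be sketched as follows. This is an added example, not Cassini's code or either feed's real schema: the record fields, source names, sample indicators and the one-indicator-per-line output are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records; field names are hypothetical, not the MFN or CERT NZ format.
MFN_SAMPLE = [
    {"value": "bad.example", "type": "domain", "expires": "2021-06-01T00:00:00+00:00", "revoked": False},
    {"value": "203.0.113.7", "type": "ip", "expires": "2021-03-01T00:00:00+00:00", "revoked": False},
    {"value": "198.51.100.9", "type": "ip", "expires": "2021-06-01T00:00:00+00:00", "revoked": True},
]
CERT_SAMPLE = [
    {"value": "BAD.example.", "type": "domain", "expires": "2021-07-01T00:00:00+00:00", "revoked": False},
    {"value": "http://phish.example/refund", "type": "url", "expires": "2021-06-15T00:00:00+00:00", "revoked": False},
]

def normalise(rec):
    """Return a (type, value) key so the same indicator from two feeds merges."""
    value = rec["value"].strip()
    if rec["type"] == "domain":
        value = value.lower().rstrip(".")  # case and trailing dot are not significant
    return rec["type"], value

def consolidate(feeds, now):
    """Merge feeds into {(type, value): {"expires", "sources"}}.

    Assumed policy: a revocation withdraws only the revoking feed's listing,
    expired records are dropped, and the latest live expiry is kept.
    """
    merged = {}
    for source, records in feeds.items():
        revoked = {normalise(r) for r in records if r["revoked"]}
        for rec in records:
            key = normalise(rec)
            expires = datetime.fromisoformat(rec["expires"])
            if key in revoked or expires <= now:
                continue
            entry = merged.setdefault(key, {"expires": expires, "sources": set()})
            entry["expires"] = max(entry["expires"], expires)
            entry["sources"].add(source)
    return merged

def render_blocklist(merged, ioc_type):
    """Emit one indicator per line for a single type (assumed integration format)."""
    return "\n".join(sorted(v for (t, v) in merged if t == ioc_type))

if __name__ == "__main__":
    now = datetime.fromisoformat("2021-04-01T00:00:00+00:00")
    live = consolidate({"mfn": MFN_SAMPLE, "cert_nz": CERT_SAMPLE}, now)
    print(render_blocklist(live, "domain"))
```

Re-running the consolidation on every poll, rather than caching its output, is what lets an expired or revoked indicator drop out of the blocklist without manual action.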
One of the overarching tenets of how Cassini is delivering its CTI service is that customers should be able to deploy the protections by ‘configuring’ existing infrastructure rather than ‘building’ new infrastructure or systems. This is where the simplicity of the Fortinet firewall integration pays dividends. Customers are able to deploy these protections across their network by adding some simple configuration to their firewall devices.
Once the solution is configured, there’s virtually no ongoing operational overhead associated with it. The entire solution is fully automated from the customer’s perspective, and they only need to take action when a detection/disruption event occurs.
In some cases, such as a phishing attack, there is no further action required from the customer as the potential harm has already been mitigated.
For more information go to www.cassini.nz
1 https://www.cert.govt.nz/business/news-and-events/cert-nzs-threat-feed-saves-new-zealanders-a-costly-tax-year-2/