Using a Threat Intelligence Gateway to Reduce Ransomware Risk

Share and earn Cybytes
Facebook Twitter LinkedIn Email

Ransomware has become the largest cyber threat. When you see a title that says “NotPetya Costs Merck, FedEx, Maersk $800M” it grabs your attention.

All companies are looking at ways to bolster ransomware defenses. While there’s no silver bullet using Cyber Threat Intelligence (CTI) can significantly mitigate ransomware risk. The challenge with CTI is that it can be difficult to acquire, manage, and operationalize.

The emergence of Threat Intelligence Gateway (TIG) technology like our PoliWall® TIG™ eliminates these enabling you to consume and take action with CTI in an easy, scalable, and automated way.

Let’s look at how organizations are using PoliWall to mitigate ransomware risk.

Reducing the Ransomware Attack Surface with GEO-IP Filtering

PoliWall contains country IP information for every country. Like IPs in general, country IPs are dynamic and constantly changing. PoliWall ensures that country IPs are always up to date. When it comes to deploying GEO-IP filtering policies, this is easily done with the click of a map.

Don’t do business with Russia or China, well then there’s probably no need for traffic from these countries to be on your network. By deploying GEO-IP filtering in and easy, automated, and scalable way, organizations are significantly reducing their attack surface and exposure to ransomware risk.

GEO-IP filtering is not a new concept but what’s new with PoliWall TIG is a much simpler and easier way to operationalize it vs. the traditional approach of firewall rules and access control lists (ACLs). We are seeing significant interest from organizations using PoliWall TIG to consolidate and reduce the management burden of GEO-IP blocking efforts.

Use Cyber Threat Intelligence to Block Known Threats

While GEO-IP filtering is an excellent way to reduce your ransomware attack surface, applying Cyber Threat Intelligence (CTI) can help further mitigate this risk. The good news is there is a significant amount of actionable CTI that exists.

The bad news is: (1) your existing network security controls like firewalls only give you a limited subset of CTI because they weren’t built to handle the massive volume of indicators required to protect today’s networks; and (2) while there is a significant amount of CTI available many companies lack the resources to fully use and apply it effectively. If you are one of the lucky few that are, then you’re probably facing challenges managing and operationalizing it.


PoliWall TIG eliminates these issues. PoliWall TIG gives you access to CTI at the scale you need to protect yourself AND it enables you to operationalize it in a simple and automated way. #Winning!

PoliWall TIG comes out-of-the-box with approximately 10 million CTI indicators (IPs and domains) across 17 threat categories including botnets, command and control, Tor/anonymizers to name a few. PoliWall can easily integrate with additional threat feeds and can filter traffic against over 100,000,000 indicators with virtually no latency. This compares to the 100,000 indicators most firewalls can process before significant performance issues kick in.

Not only do you get significantly more CTI with a PoliWall, it’s is also significantly easier to manage than using firewall rules and ACLs. Policies are easily configured through an intuitive interface.

Want to block Botnets? Check!

Want to adjust your risk threshold for Command & Control? Slide!

CTI in PoliWall is dynamically updated in near real time and policies automatically applied eliminating the operational burden of firewall rules and ACL management and improving your security posture.


Ransomware risk is a fact of life. While there’s no silver bullets to 100% prevent ransomware, by applying GEO-IP filtering and Cyber Threat Intelligence you can significantly mitigate your risk. Our PoliWall TIG enables you to apply GEO-IP and threat indicator-based network protection at the scale you need in a simple and automated way.

For more information on PoliWall TIG check out our data sheet. We’re also happy to provide you a demo and/or a free 30-day evaluation of PoliWall.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Bandura Systems
Bandura Systems pioneered the Threat Intelligence Gateway (TIG) in part with the U.S. Department of Defense. Bandura’s PoliWall™ is the most comprehensive, scalable and granular TIG platform on the market. Organizations worldwide use TIGs for the automation and control needed to operationalize hundreds of million threat indicators blocking known threats before they even reach the network firewall. Underlying Bandura’s robust technology are more than 50 issued and pending patents.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?