Intermediate
Threat Intelligence Integration
Integrate AI-curated threat intelligence feeds into firewall policies for proactive blocking of known malicious infrastructure and emerging threats.
Threat Intelligence Sources
- Commercial feeds: Recorded Future, CrowdStrike, Mandiant — curated, high-quality IOCs
- Open-source feeds: AlienVault OTX, Abuse.ch, PhishTank — community-driven intelligence
- Industry ISACs: Sector-specific threat sharing (FS-ISAC, H-ISAC, etc.)
- Internal telemetry: IOCs discovered from your own incident investigations
AI-Powered Feed Curation
Raw threat feeds contain noise. AI helps curate and prioritize:
| AI Capability | Benefit |
|---|---|
| Confidence scoring | ML ranks IOCs by reliability across multiple sources |
| Relevance filtering | AI identifies which threats target your industry/technology stack |
| Deduplication | Merge overlapping IOCs from multiple feeds |
| Aging and expiry | Automatically remove stale IOCs that are no longer active threats |
Quality over quantity: A firewall blocking 100 high-confidence IOCs is more effective than one loaded with 100,000 unvetted entries. AI curation helps you block real threats without the performance impact of oversized blocklists.
Automated Feed-to-Firewall Pipeline
- Ingest: Pull IOCs from multiple feeds via STIX/TAXII or REST APIs
- Curate: AI scores, deduplicates, and filters IOCs
- Transform: Convert IOCs into firewall-specific rule format
- Deploy: Push rules to firewalls via API (PAN-OS, FortiOS, etc.)
- Monitor: Track block rates and false positive reports
Start here: Begin with the Abuse.ch blocklist (free, well-maintained) for malware C2 IPs. Integrate it with your firewall's external blocklist feature. This takes minutes to set up and immediately blocks thousands of known malicious endpoints.
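The curation steps in the table above and the ingest, curate and transform stages of the pipeline, as an added Python example (not code from this page or from Lilly Tech Systems). The feed contents are constructed from RFC 5737 documentation IP ranges and are not real IOCs; the confidence scoring is a simple noisy-OR across sources standing in for the ML ranker the page describes; the NEVER_BLOCK list, the 192.0.2.0/24 "own network" placeholder, the 30-day expiry window and the 0.6 threshold are assumptions. The output is one indicator per line, the plain-text shape that firewall external blocklist features (such as PAN-OS External Dynamic Lists) consume; the deploy and monitor stages are left to the firewall API.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Fixed "current time" so the ageing step is deterministic (assumption for the example).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample feeds using RFC 5737 documentation ranges, not real IOCs.
# Each entry: indicator, date the source last saw it active, source confidence 0..1.
SAMPLE_FEEDS = {
    "feed_a": [
        {"ioc": "203.0.113.10", "last_seen": "2024-05-30", "confidence": 0.9},
        {"ioc": "198.51.100.7", "last_seen": "2024-01-05", "confidence": 0.8},   # stale
        {"ioc": "203.0.113.44", "last_seen": "2024-05-28", "confidence": 0.4},   # low confidence
    ],
    "feed_b": [
        {"ioc": "203.0.113.10", "last_seen": "2024-05-31", "confidence": 0.7},   # overlaps feed_a
        {"ioc": "198.51.100.200", "last_seen": "2024-05-29", "confidence": 0.65},
        {"ioc": "10.0.0.5", "last_seen": "2024-05-31", "confidence": 0.95},     # RFC 1918, never block
        {"ioc": "192.0.2.9", "last_seen": "2024-05-31", "confidence": 0.9},     # inside our own range
        {"ioc": "not-an-ip", "last_seen": "2024-05-31", "confidence": 0.9},     # malformed
    ],
}

# Networks a blocklist must never contain: private, loopback and link-local space
# plus the organisation's own public range (192.0.2.0/24 is an assumed placeholder).
NEVER_BLOCK = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
)]


@dataclass
class CuratedIOC:
    ioc: str
    score: float            # merged confidence across all sources, 0..1
    last_seen: datetime     # most recent sighting across sources
    sources: list = field(default_factory=list)


def parse_date(text):
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def ingest(feeds):
    """Ingest: validate every entry, dropping malformed indicators and anything
    inside NEVER_BLOCK. Returns (source, ioc, last_seen, confidence) tuples."""
    records = []
    for source, entries in feeds.items():
        for entry in entries:
            try:
                addr = ip_address(entry["ioc"])
            except ValueError:
                continue                      # not an IP address at all
            if any(addr in net for net in NEVER_BLOCK):
                continue                      # would block internal or own infrastructure
            records.append((source, str(addr), parse_date(entry["last_seen"]),
                            float(entry["confidence"])))
    return records


def curate(records, now=NOW, max_age_days=30, min_score=0.6):
    """Curate: deduplicate across feeds, combine confidence with a noisy-OR
    (an indicator reported independently by two sources scores higher than
    either report alone), expire indicators not seen within max_age_days,
    and keep only those at or above min_score."""
    merged = {}
    for source, ioc, seen, conf in records:
        m = merged.setdefault(ioc, {"miss": 1.0, "last_seen": seen, "sources": []})
        m["miss"] *= 1.0 - conf               # probability that every source is wrong
        m["last_seen"] = max(m["last_seen"], seen)
        m["sources"].append(source)

    kept = []
    for ioc, m in merged.items():
        if (now - m["last_seen"]).days > max_age_days:
            continue                          # aging and expiry
        score = round(1.0 - m["miss"], 3)
        if score < min_score:
            continue                          # confidence filter
        kept.append(CuratedIOC(ioc, score, m["last_seen"], sorted(m["sources"])))
    return sorted(kept, key=lambda c: (-c.score, c.ioc))


def to_blocklist(curated):
    """Transform: one indicator per line, the plain-text shape that firewall
    external blocklist features consume."""
    return "".join(f"{c.ioc}\n" for c in curated)


def build_blocklist(feeds=SAMPLE_FEEDS):
    """Run ingest -> curate -> transform; deploy (the firewall API push) is left out."""
    return to_blocklist(curate(ingest(feeds)))


if __name__ == "__main__":
    for c in curate(ingest(SAMPLE_FEEDS)):
        print(f"{c.ioc:16} score={c.score} sources={','.join(c.sources)}")
    print(build_blocklist(), end="")
```

On the sample feeds this keeps two of the eight entries: the indicator seen by both feeds is merged into a single line with a combined score of 0.97, the stale January sighting is aged out, the low-confidence entry is filtered, and the private, own-range and malformed entries never reach the list. Treat the NEVER_BLOCK check as the minimum false-positive guard before anything is pushed to a firewall; the monitor stage should feed reported false positives back into that list.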
Lilly Tech Systems