Automating OFAC compliance through ThreatSTOP can be as simple as five steps:

  1. Seamlessly integrating the aggregation and enrichment of threat intelligence from diverse sources
  2. Precision categorization
  3. User-customized policy creation
  4. Thorough research and enrichment, including subsidiary identification
  5. Effortless enforcement with automated reporting, ensuring efficient and effective risk mitigation

Watch this video as Paul and Ofir discuss different threats and ways to thwart them.


Key Takeaway

ThreatSTOP's process for automating compliance involves aggregating, enriching, and categorizing threat intelligence from various sources, including government and proprietary data, using geographic threat intelligence, and partnering with compliance experts like Fiveby. This intelligence is transformed into user-customizable policies, taking into account OFAC updates, global entities, subsidiaries, and detailed research. Enrichment and categorization ensure precision, while easy policy configuration and automated reporting culminate in effective compliance risk management.


Video Transcript

Intro
About ThreatSTOP
Gathering Data in Categories
Research & Enrich
Policy Automation by User
Enforcing & Responding

Ok, now to look at the details here, I’m going to introduce Ofir Ashman, our head of security, and she's going to tell you about how it really works inside. 

Thank you, Paul. Okay, so let's talk a bit about the steps in automating compliance, right? Let’s talk about the details.

About ThreatSTOP
So what ThreatSTOP does is we take threat intelligence, aggregate it, enrich it, and put it automatically into network enforcement policies. Now when we're talking about compliance, we're talking about compliance intelligence, right? But you can see the flow here. We collect the CTI from a bunch of different resources. We have proprietary sources. We have government sources. We use geographic threat intelligence, which is especially relevant for compliance, and obviously, we use government sources like OFAC and their updates, as well as a partnership that we have done with Fiveby, who's a class-leading compliance expert firm that does consultancy exactly on the subject, and they are the experts in that subject.

We take that threat intelligence, and our system ingests it, and categorizes it, right? You have OFAC entities, you have different countries, you have different sanctions regimes, and our system knows how to categorize that and put it into different threat intelligence feeds. Now the data comes in raw, but we want to format it and enrich it and also analyze it in a way that you're getting the best data. So we're going to make sure that you know we get rid of those false positives. We don't want you to block anything that you don't want to block. We don't want to cause any disruption in business, and we're going to make sure that that data gets taken out before it gets into your policy. 

Now, as a user, the user can come and create their own custom policy. They want to block more or less certain countries, certain sanctions regimes. They can all do that with one click in their portal, and it's automatically and almost instantly propagated into their network.

Gathering Data in Categories
So how do we do that? The first step is gathering the data and then categorizing it; that's the second one. Our very big important source, for example, is OFAC, right? OFAC always updates on the new sanctions. These sanctions are changing almost every day. New countries are being more broadly sanctioned, new entities, and individuals. 

Another thing that is important to look at, for example, is global entities and global subsidiaries of these entities, right? We have Huawei, who also has offices in Santiago, Chile, and that is something that any company who is obliged to deal with these sanctions and to work under these engines needs to be aware of and needs to make sure they're not doing business in that communication. 

As I mentioned before, we have an amazing source, Fiveby, an expert on sanctions, who are able to pick and research into the depth of these entities because sanctioned entities by OFAC are one thing. You have a list, it's quite hard to understand, but there's a publicly available list of entities that are sanctioned by the U.S. government. But what about their subsidiaries? What about a Russian bank subsidiary in another place in Eastern Europe, in Africa? 

Fiveby does that research and gives the exact names of these fully owned fifty percent owned subsidiaries, and they are also under the same sanctions as their parents, and there are many, many different legal papers, and like articles that are posted by the government which also need to be read, understood, and processed into blockable data in order to ensure compliance.

Research & Enrich
Now, after we aggregate all this information and we look into it and analyze it a bit, we also need to do some more research, and a very important part is enrichment. We wanted to make sure that we are getting all the information, whether it's in a different language, whether it's hard to find, and also the IP data, right? If that gives us the names, we want to find the domain names to block and the IPs.

So we have autonomous systems for a company that can be spread all over the world, as we can see here with Huawei and even specific prefixes, and IP spaces that are smaller, and we need to find and make sure that our customers and users are not communicating with it.

Policy Automation by User
Now once you have all of this data, it's fully customizable for you as a user to go ahead and tailor the user policy to the user's needs. You can block by sanctions regime, OFAC, ITAR. You can block by Geo, a whole country, ccTLD, a whole country IP space, or also add entities, global subsidiaries, and also play around with the amount of control, right? Are you blocking only 100 percent controlled entities or also less because if it's over fifty percent, it's ancient bio effect.

Enforcing & Responding
And the most important part, getting the policies onto the enforcement in the network, very easy to configure. You get this automated reporting, and you know what's going on in your network, and you're getting the compliance risk blocked.
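The pipeline Ofir walks through above (categorized entity data, enrichment into IP prefixes, a user policy with a sanctions regime, a geo selection and an ownership threshold, then enforcement) can be sketched as a small policy engine. This is an added illustration, not ThreatSTOP's or Fiveby's code; the entity names, country labels and prefixes are constructed sample data, and the `Entity`/`Policy` structures are assumptions about how such records might be modelled.

```python
# Added example (not ThreatSTOP's code): a toy policy engine that turns
# enriched sanctions data into a prefix blocklist, then checks traffic.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Entity:
    name: str
    regime: str           # sanctions programme label, e.g. "OFAC" ("" = none)
    country: str          # country the entity or subsidiary operates from
    ownership_pct: int    # percent owned by a listed parent; 100 = listed itself
    prefixes: list = field(default_factory=list)  # enriched IP prefixes


@dataclass
class Policy:
    regimes: set = field(default_factory=set)    # block these programmes
    countries: set = field(default_factory=set)  # block whole countries (geo)
    min_ownership: int = 50   # block subsidiaries owned at least this much


def build_blocklist(entities, policy):
    """Return the set of ip_network objects the policy selects for blocking."""
    nets = set()
    for e in entities:
        by_regime = (e.regime in policy.regimes
                     and e.ownership_pct >= policy.min_ownership)
        by_geo = e.country in policy.countries
        if by_regime or by_geo:
            nets.update(ipaddress.ip_network(p) for p in e.prefixes)
    return nets


def is_blocked(ip, blocklist):
    """True if the address falls inside any blocked prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)


# Constructed sample data; prefixes are RFC 5737 documentation ranges.
ENTITIES = [
    Entity("Example Listed Bank", "OFAC", "AA", 100, ["192.0.2.0/24"]),
    Entity("Example Bank Subsidiary", "OFAC", "BB", 60, ["198.51.100.0/25"]),
    Entity("Example Minority Venture", "OFAC", "BB", 30, ["198.51.100.128/25"]),
    Entity("Example Unlisted Firm", "", "CC", 0, ["203.0.113.0/24"]),
]


def demo(min_ownership=50):
    policy = Policy(regimes={"OFAC"}, countries={"CC"}, min_ownership=min_ownership)
    bl = build_blocklist(ENTITIES, policy)
    return {ip: is_blocked(ip, bl) for ip in
            ["192.0.2.10", "198.51.100.5", "198.51.100.200", "203.0.113.7"]}
```

Raising `min_ownership` to 100 drops the 60 percent owned subsidiary from the blocklist while the geo rule still blocks the whole "CC" range.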